This is a simple container that adds iptables rules to the host in a custom chain, in order to open some ports to the public and/or allow any connection from given IPs. This is useful, for example, with RancherOS, where just about everything runs as a container. When the container is stopped, the chain is removed.
```bash
docker run --name firewall \
  --env OPEN_PORTS="22,80,443" \
  --env OPEN_PORTS_UDP="60000:60010" \
  --env ACCEPT_ALL_FROM="ip1,ip2" \
  --env CHAIN="DOCKER-FIREWALL" \
  -itd \
  --restart=always \
  --cap-add=NET_ADMIN \
  --net=host \
  nikkoura/docker-firewall:1
```
At least one of `OPEN_PORTS` / `OPEN_PORTS_UDP` must be specified.
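To preview what a given set of variables would expose before granting the container `NET_ADMIN` on the host network, the following added example (not the image's own script) prints the corresponding iptables commands without applying them. The rule layout and the function names `render_rules` / `render_teardown` are assumptions, not taken from the image.

```shell
#!/bin/sh
# Added example (not the image's entrypoint): print, without applying, the
# iptables commands for a given set of the README's environment variables.
# ASSUMPTION: the rule layout (loopback/conntrack accepts, final DROP, jump
# from INPUT) is a common pattern, not confirmed against the image's script.

valid_ports() {   # "22,80,443" or ranges such as "60000:60010" (syntax only)
    printf '%s' "$1" | grep -Eq '^[0-9]{1,5}(:[0-9]{1,5})?(,[0-9]{1,5}(:[0-9]{1,5})?)*$'
}
valid_ipv4() {    # dotted quad with optional /prefix (syntax only)
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

render_rules() {
    chain=${CHAIN:-DOCKER-FIREWALL}
    if [ -z "${OPEN_PORTS:-}" ] && [ -z "${OPEN_PORTS_UDP:-}" ]; then
        echo "error: set OPEN_PORTS and/or OPEN_PORTS_UDP" >&2; return 1
    fi
    for spec in "${OPEN_PORTS:-}" "${OPEN_PORTS_UDP:-}"; do
        [ -z "$spec" ] || valid_ports "$spec" ||
            { echo "error: bad port list: $spec" >&2; return 1; }
    done
    src_rules=""
    old_ifs=$IFS; IFS=,
    for ip in ${ACCEPT_ALL_FROM:-}; do      # split the comma-separated list
        IFS=$old_ifs
        valid_ipv4 "$ip" || { echo "error: bad source: $ip" >&2; return 1; }
        src_rules="${src_rules}iptables -A $chain -s $ip -j ACCEPT
"
    done
    IFS=$old_ifs
    echo "iptables -N $chain"
    echo "iptables -A $chain -i lo -j ACCEPT"
    echo "iptables -A $chain -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    printf '%s' "$src_rules"
    [ -z "${OPEN_PORTS:-}" ] ||
        echo "iptables -A $chain -p tcp -m multiport --dports $OPEN_PORTS -j ACCEPT"
    [ -z "${OPEN_PORTS_UDP:-}" ] ||
        echo "iptables -A $chain -p udp -m multiport --dports $OPEN_PORTS_UDP -j ACCEPT"
    echo "iptables -A $chain -j DROP"
    echo "iptables -I INPUT -j $chain"
}

render_teardown() {   # removing the chain when the container stops
    chain=${CHAIN:-DOCKER-FIREWALL}
    echo "iptables -D INPUT -j $chain"
    echo "iptables -F $chain"
    echo "iptables -X $chain"
}
```

Source the file and call `render_rules` with the same variables you intend to pass to `docker run`; a malformed port list or source address is rejected before any rule is printed.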
This container image is available on Docker Hub: https://hub.docker.com/r/nikkoura/firewall
This fork is based on https://github.com/vitobotta/docker-firewall. Thanks!