Created
March 24, 2020 14:48
[block access to docker container] block access to a specific docker container #docker #iptables #bash
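#!/usr/bin/env bash
# BLOCK ACCESS TO CONTAINER: manipulates existing rule by replacing it
#
# Usage: <script> block|unblock
#
# Rewrites, in place, the DOCKER-chain rule that forwards outside traffic to
# port 80 of one container, switching its target between DROP and ACCEPT.
# Needs privileges for iptables and access to the Docker daemon.
#
# The original listing ran the "block" and the "unblock" command back to back,
# so one run left the rule on ACCEPT; the action is now chosen explicitly.
#
# NOTE(review): Docker manages the DOCKER chain itself, so this change is
# likely lost when the container or the daemon restarts. Docker documents the
# DOCKER-USER chain as the place for operator rules that must persist.
set -euo pipefail

CONTAINER='pricing-service'
PORT=80
ACTION=${1:-}

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

case "$ACTION" in
  block) TARGET=DROP ;;
  unblock) TARGET=ACCEPT ;;
  *)
    printf 'Usage: %s block|unblock\n' "${0##*/}" >&2
    exit 2
    ;;
esac

# prep:
# Literal substring match (index) instead of a regex, and skip the header row.
CONTAINER_ID=$(docker ps \
  | awk -v service="$CONTAINER" 'NR > 1 && index($0, service) { print $1 }')
# Zero or several matches would make every later step act on the wrong thing.
if [[ -z "$CONTAINER_ID" || "$CONTAINER_ID" == *$'\n'* ]]; then
  die "expected exactly one running container matching '${CONTAINER}'"
fi

# println keeps one address per line; the original template glued the
# addresses of a multi-network container into a single unusable string.
IP_ADDRESS=$(docker inspect \
  --format='{{range .NetworkSettings.Networks}}{{println .IPAddress}}{{end}}' \
  "$CONTAINER_ID")
# An empty address must stop the script: used as a pattern it would match
# every rule in the chain.
if [[ ! "$IP_ADDRESS" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
  die "expected exactly one IPv4 address for ${CONTAINER_ID}, got: '${IP_ADDRESS}'"
fi

# Compare whole fields, so 172.17.0.2 does not also select 172.17.0.20, and
# require the port as well, so a rule for another published port is untouched.
RULE=$(iptables --list DOCKER --line-numbers -n \
  | awk -v address="$IP_ADDRESS" -v port="dpt:${PORT}" '
      {
        has_addr = 0
        has_port = 0
        for (i = 2; i <= NF; i++) {
          if ($i == address) has_addr = 1
          if ($i == port) has_port = 1
        }
        if (has_addr && has_port) print $1
      }')
if [[ ! "$RULE" =~ ^[0-9]+$ ]]; then
  die "expected exactly one DOCKER rule for ${IP_ADDRESS} port ${PORT}, got: '${RULE}'"
fi

# to block (TARGET=DROP) or to unblock (TARGET=ACCEPT):
# assumes the container sits on the default docker0 bridge - TODO confirm
iptables -R DOCKER "$RULE" -d "${IP_ADDRESS}/32" ! -i docker0 -o docker0 \
  -p tcp -m tcp --dport "$PORT" -j "$TARGET"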