Common pitfalls with Docker networking and how to firewall
you should know that docker doesn't make firewalling containers easy
1) devices one hop away can route directly to the container network, for example the WAN interface can make requests to 172.17.0.2
2) INPUT firewall rules won't help. with docker's defaults the DOCKER-USER chain needs to do the filtering
3) container networks have access to private subnets upstream of the container. this is a common problem in many homelab setups
4) browsers can be a springboard for malicious websites to attempt to exploit testing docker containers on adjacent networks with default credentials
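
One way to act on points 1 to 3, as an added example that is not part of the original post: a shell function that prints DOCKER-USER rules for review instead of applying them. The function name, the interface name and the subnet are assumptions you supply; the rules use the iptables conntrack match.

```shell
#!/bin/sh
# Added example: prints iptables commands only, nothing is applied.
# Review the output, then run it as root if it fits your setup.

_n=1
_emit() {
    # Insert at explicit positions so the rules stay in this order and
    # sit above the RETURN rule Docker places in DOCKER-USER by default.
    printf '%s\n' "iptables -I DOCKER-USER $_n $*"
    _n=$((_n + 1))
}

# usage: docker_user_rules <wan-interface> <container-subnet>
docker_user_rules() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo "usage: docker_user_rules WAN_IF CONTAINER_NET" >&2
        return 2
    fi
    wan_if=$1     # assumption: upstream-facing interface, e.g. eth0
    ctr_net=$2    # assumption: container network, e.g. 172.17.0.0/16
    _n=1

    # Replies on connections that were already allowed keep flowing.
    _emit -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN
    # Point 1: drop WAN packets routed straight to container addresses.
    # Traffic to published ports was DNATed in PREROUTING and still passes.
    _emit -i "$wan_if" -d "$ctr_net" -m conntrack ! --ctstate DNAT -j DROP
    # Keep forwarded traffic that stays inside the container network.
    _emit -s "$ctr_net" -d "$ctr_net" -j RETURN
    # Point 3: containers may not open connections to private subnets.
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        _emit -s "$ctr_net" -d "$net" -j DROP
    done
}

# Example: docker_user_rules eth0 172.17.0.0/16
```

If containers rely on a resolver or other service at a private address, add a specific RETURN rule for it ahead of the DROP rules. Traffic from containers to the host's own addresses goes through INPUT, not FORWARD, so these rules do not cover it.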