
I'd love something sorta like this but for Docker containers running APIs or web services. Like:

containerA: all outbound traffic allowed

containerB: no outbound traffic allowed, except to reply to a client

containerC: may only reach out to updates.example.com

Is this just per-container iptables? I could wedge iptables into existing images but it seems like a lot of work.

Or maybe something with iptables on the host?



Just my two cents that netfilter (for which iptables is a frontend) is a kernel subsystem and therefore global to all containers on the host.
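The "iptables on the host" option from the question, as an added example that is not part of the thread: a generator for rules in Docker's `DOCKER-USER` chain, which forwarded container traffic traverses before Docker's own rules. The function names, the container and update-host addresses, and port 443 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints iptables commands for Docker's DOCKER-USER chain.
# Every address used here is constructed; port 443 is an assumption.

is_ipv4() {
    # Accept only dotted-quad shaped literals so nothing else can reach
    # the generated command lines.
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# egress_rules B_IP C_IP [UPDATE_IP...]
#   B_IP       container that may only answer clients
#   C_IP       container that may only reach the update host
#   UPDATE_IP  address(es) updates.example.com currently resolves to
egress_rules() {
    b_ip=$1; c_ip=$2; shift 2
    for ip in "$b_ip" "$c_ip" "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 literal: $ip" >&2; return 1; }
    done
    n=1
    # Insert by position so the rules land above anything already in the chain.
    emit() { echo "iptables -I DOCKER-USER $n $*"; n=$((n + 1)); }

    # Replies on connections a client opened stay allowed for every container.
    emit -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN
    # containerB: any packet that is not such a reply is dropped.
    emit -s "$b_ip" -j DROP
    # containerC: new connections only to the update host, then drop the rest.
    for u in "$@"; do
        emit -s "$c_ip" -d "$u" -p tcp --dport 443 -j RETURN
    done
    emit -s "$c_ip" -j DROP
    # containerA: no rule, so its traffic falls through to Docker's defaults.
}

# Constructed sample addresses (203.0.113.0/24 is a documentation range).
egress_rules 172.28.0.11 172.28.0.12 203.0.113.10
```

iptables resolves a hostname once, when the rule is inserted, so the caller has to resolve `updates.example.com` and regenerate the rules when its address changes. The output is meant to be reviewed and then run as root on the Docker host.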



