A story about a crypto-miner, a sketchy API wrapper, and the creation of Dockerwall: a zero-trust outbound firewall for Docker.

(First blog post ever, would appreciate your input!)

Edit: Title was a lil clickbaity

  • Mikelius@lemmy.mlEnglish
    3·
    21 days ago

    I’ve just use iptables rules which default block all docker containers any network access. I assign static ranges to those I permit access, though. It does occasionally throw me off when adding new services and not understanding why sometimes they don’t work right away, but I prefer it that way.

    • ElectricVocalist@jlai.luOPEnglish
      2·
      21 days ago

      I totally agree and this is basically what it does except I added an allowlist feature, but I have some containers with an empty allowlist