Frank Thommen wrote:
On 10/29/2018 08:43 PM, Keith Keller wrote:
On 2018-10-29, Frank Thommen list.centos@drosera.ch wrote:
PostgreSQL is running in a docker container:
$ docker ps
CONTAINER ID   IMAGE      COMMAND                  CREATED      STATUS      PORTS                    NAMES
6f11fc41d2f0   postgres   "docker-entrypoint..."   4 days ago   Up 4 days   0.0.0.0:5432->5432/tcp   postgres
$
The various docker interfaces and virtual bridges are not assigned to any specific zone.
Why is port 5432/tcp open?
It may be Docker manipulating the iptables rules. If you don't want it open at all, remove the port argument from the docker run command line (or moral equivalent) and recreate the container (make sure you have saved your data first, either with a volume mount or by dumping first).
Unfortunately I can't control how users start their containers and I cannot force them not to forward ports. But I will see if I can prevent Docker from manipulating iptables as described in the very helpful link below.
<snip>
There is a security level, but it would break some user's docker packages.
The more I learn about docker, the more I actively dislike it as a massive security hole.
mark
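
Added example, not part of the thread and not Docker's own code: a small audit an administrator could run to list containers whose ports are published on all interfaces, like the 0.0.0.0:5432->5432/tcp mapping in the listing above. It parses text in the form produced by `docker ps --format '{{.Names}}\t{{.Ports}}'`; the function name and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# One published mapping as it appears in the PORTS column, for example
#   0.0.0.0:5432->5432/tcp   :::5432->5432/tcp   [::]:5432->5432/tcp
#   127.0.0.1:8000-8010->8000-8010/tcp
# An entry without "->" (such as "5432/tcp") is exposed but not published.
_MAPPING = re.compile(
    r"^\[?(?P<host>[0-9A-Fa-f:.]*?)\]?:(?P<hport>\d+(?:-\d+)?)"
    r"->(?P<cport>\d+(?:-\d+)?)/(?P<proto>\w+)$"
)

def wildcard_bindings(ps_output):
    """Return (container, host_ip, host_port, proto) for each port
    published on the unspecified address (0.0.0.0 or ::)."""
    findings = []
    for line in ps_output.splitlines():
        name, _, ports = line.partition("\t")
        for entry in filter(None, (p.strip() for p in ports.split(","))):
            m = _MAPPING.match(entry)
            if not m:
                continue  # exposed only, nothing bound on the host
            try:
                addr = ipaddress.ip_address(m["host"])
            except ValueError:
                continue  # not an address this check understands
            if addr.is_unspecified:
                findings.append(
                    (name.strip(), str(addr), m["hport"], m["proto"])
                )
    return findings

# Constructed sample input (tab-separated name and PORTS column).
SAMPLE = (
    "postgres\t0.0.0.0:5432->5432/tcp\n"
    "web\t0.0.0.0:8080->80/tcp, :::8080->80/tcp\n"
    "cache\t127.0.0.1:6379->6379/tcp\n"
    "worker\t5000/tcp\n"
    "idle\t\n"
)

if __name__ == "__main__":
    for name, ip, port, proto in wildcard_bindings(SAMPLE):
        print(f"{name}: {proto} port {port} published on {ip}")
```

Containers bound to a specific address such as 127.0.0.1, or with ports that are only exposed, are not reported.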