Frank Thommen wrote:
> On 10/29/2018 08:43 PM, Keith Keller wrote:
>
>> On 2018-10-29, Frank Thommen <list.centos at drosera.ch> wrote:
>>
>>> PostgreSQL is running in a docker container:
>>>
>>> $ docker ps
>>> CONTAINER ID   IMAGE      COMMAND                  CREATED      STATUS      PORTS                    NAMES
>>> 6f11fc41d2f0   postgres   "docker-entrypoint..."   4 days ago   Up 4 days   0.0.0.0:5432->5432/tcp   postgres
>>> $
>>>
>>> The various docker interfaces and virtual bridges are not assigned to
>>> any specific zone.
>>>
>>> Why is port 5432/tcp open?
>>
>> It may be Docker manipulating the iptables rules. If you don't want it
>> open at all, remove the port argument from the docker run command line
>> (or moral equivalent) and recreate the container (make sure you have
>> saved your data first, either with a volume mount or by dumping first).
>
> Unfortunately I can't control how users start their containers and I
> cannot force them not to forward ports. But I will see if I can prevent
> Docker from manipulating iptables as described in the very helpful link
> below.
>
<snip>

There is a security level, but it would break some user's docker packages.

The more I learn about docker, the more I actively dislike it as a massive
security hole.

      mark
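
An added example, not part of the original message: a check an administrator could run to list containers whose ports Docker has published on a non-loopback address, which is the situation the thread describes. The function name and sample lines are constructed; it assumes input produced by `docker ps --format '{{.Names}}\t{{.Ports}}'`.

```python
import ipaddress
import re

# One published mapping from the PORTS column, e.g. "0.0.0.0:5432->5432/tcp",
# ":::5432->5432/tcp" or "[::]:5432->5432/tcp". Port ranges ("8000-8010") are allowed.
MAPPING = re.compile(
    r"^(?P<host>.+):(?P<hport>\d+(?:-\d+)?)->(?P<cport>\d+(?:-\d+)?)/(?P<proto>\w+)$"
)

def exposed_mappings(ps_output):
    """Return (container, host_ip, host_port, proto) for every port mapping
    that is published on an address other than loopback."""
    findings = []
    for line in ps_output.splitlines():
        if not line.strip():
            continue
        name, _, ports = line.partition("\t")
        for entry in (p.strip() for p in ports.split(",")):
            m = MAPPING.match(entry)
            if not m:
                continue  # e.g. "80/tcp": exposed by the image, not published
            host = m.group("host").strip("[]")
            try:
                loopback = ipaddress.ip_address(host).is_loopback
            except ValueError:
                loopback = False  # unparseable bind address: report it
            if not loopback:
                findings.append((name, host, m.group("hport"), m.group("proto")))
    return findings

# Constructed sample input; the first line mirrors the container in the thread.
SAMPLE = (
    "postgres\t0.0.0.0:5432->5432/tcp, :::5432->5432/tcp\n"
    "cache\t127.0.0.1:6379->6379/tcp\n"
    "web\t80/tcp\n"
)

if __name__ == "__main__":
    for name, host, port, proto in exposed_mappings(SAMPLE):
        print(f"{name}: {port}/{proto} published on {host}")
```
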