[CentOS] PostgreSQL port accessible even though it should be blocked by firewall
Frank Thommen
list.centos at drosera.ch
Tue Oct 30 15:34:17 UTC 2018
On 10/29/2018 08:43 PM, Keith Keller wrote:
> On 2018-10-29, Frank Thommen <list.centos at drosera.ch> wrote:
>>
>> PostgreSQL is running in a docker container:
>>
>> $ docker ps
>> CONTAINER ID   IMAGE      COMMAND                  CREATED      STATUS      PORTS                    NAMES
>> 6f11fc41d2f0   postgres   "docker-entrypoint..."   4 days ago   Up 4 days   0.0.0.0:5432->5432/tcp   postgres
>> $
>>
>> The various docker interfaces and virtual bridges are not assigned to
>> any specific zone.
>>
>> Why is port 5432/tcp open?
>
> It may be Docker manipulating the iptables rules. If you don't want it
> open at all, remove the port argument from the docker run command line
> (or moral equivalent) and recreate the container (make sure you have
> saved your data first, either with a volume mount or by dumping first).
Unfortunately I can't control how users start their containers and I
cannot force them not to forward ports. But I will see if I can prevent
Docker from manipulating iptables as described in the very helpful link
below.
> If you need something more complex, here's some docs on how Docker
> interacts with iptables, and how you can insert rules into its chains:
>
> https://docs.docker.com/network/iptables/
>
> --keith
frank
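An added audit script for the situation described in this thread (it is not from the thread or from Docker; the sample `docker ps` output it parses is constructed): it lists every published port bound to a wildcard address, which is exactly the case where Docker's DNAT and DOCKER chain in the FORWARD path answer the traffic before firewalld's INPUT zones ever see it.

```shell
#!/bin/sh
# Constructed sample in the layout of: docker ps --format '{{.Names}}\t{{.Ports}}'
# (tab-separated; built with printf so the tabs survive copy/paste).
SAMPLE_PS=$(printf 'postgres\t0.0.0.0:5432->5432/tcp, :::5432->5432/tcp\nredis\t127.0.0.1:6379->6379/tcp\nworker\t')

# exposed_ports TEXT
# Prints "name host_port proto bind_addr" for each published mapping whose host
# side is a wildcard address (0.0.0.0 or ::). Such ports are reachable from the
# network regardless of firewalld zones, because Docker inserts its own rules
# (nat DOCKER chain + filter FORWARD/DOCKER chain) ahead of them.
# Mappings bound to 127.0.0.1 and ports that are merely EXPOSEd are not reported.
exposed_ports() {
  printf '%s\n' "$1" | awk '
    BEGIN { FS = "\t" }
    NF >= 2 && $2 != "" {
      n = split($2, maps, /, */)
      for (i = 1; i <= n; i++) {
        m = maps[i]
        if (m !~ /->/) continue                 # "5432/tcp" alone: exposed, not published
        host = m; sub(/->.*/, "", host)         # e.g. "0.0.0.0:5432" or ":::5432"
        cont = m; sub(/.*->/, "", cont)         # e.g. "5432/tcp"
        proto = cont; sub(/.*\//, "", proto)    # "tcp"
        port = host; sub(/.*:/, "", port)       # host port, after the last ":"
        addr = substr(host, 1, length(host) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
          print $1, port, proto, addr
      }
    }'
}

# Live use on a host (requires the docker CLI):
#   exposed_ports "$(docker ps --format '{{.Names}}\t{{.Ports}}')"
# Remediation options, per the Docker iptables docs linked in the thread:
#   - have users publish with -p 127.0.0.1:5432:5432, or set "ip": "127.0.0.1"
#     in /etc/docker/daemon.json so the default bind address is loopback;
#   - add your own restrictions to the DOCKER-USER chain, which Docker evaluates
#     before its own FORWARD rules;
#   - set "iptables": false in daemon.json to stop Docker editing iptables at all
#     (you then have to write the NAT/forwarding rules yourself).
exposed_ports "$SAMPLE_PS"
```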