Hi, this puzzles me: On one of our developer workstations, all ports with the exception of SSH are closed: $ firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: eno1 sources: services: ssh dhcpv6-client ports: 22/tcp protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: $ but still port 5432/tcp (PostgreSQL) is open: $ nmap -P0 devel-host Starting Nmap 6.40 ( http://nmap.org ) at 2018-10-29 19:46 CET Nmap scan report for devel-host (xxx.xxx.xxx.xxx) Host is up (0.94s latency). rDNS record for xxx.xxx.xxx.xxx: devel-host.our.domain Not shown: 998 filtered ports PORT STATE SERVICE 22/tcp open ssh 5432/tcp open postgresql Nmap done: 1 IP address (1 host up) scanned in 57.26 seconds $ PostgreSQL is running in a docker container: $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 6f11fc41d2f0 postgres "docker-entrypoint..." 4 days ago Up 4 days 0.0.0.0:5432->5432/tcp postgres $ The various docker interfaces and virtual bridges are not assigned to any specific zone. Why is port 5432/tcp open? frank