On 10/29/2018 08:43 PM, Keith Keller wrote:
> On 2018-10-29, Frank Thommen <list.centos at drosera.ch> wrote:
>>
>> PostgreSQL is running in a docker container:
>>
>> $ docker ps
>> CONTAINER ID   IMAGE      COMMAND                  CREATED      STATUS      PORTS                    NAMES
>> 6f11fc41d2f0   postgres   "docker-entrypoint..."   4 days ago   Up 4 days   0.0.0.0:5432->5432/tcp   postgres
>> $
>>
>> The various docker interfaces and virtual bridges are not assigned to
>> any specific zone.
>>
>> Why is port 5432/tcp open?
>
> It may be Docker manipulating the iptables rules. If you don't want it
> open at all, remove the port argument from the docker run command line
> (or moral equivalent) and recreate the container (make sure you have
> saved your data first, either with a volume mount or by dumping first).

Unfortunately I can't control how users start their containers and I
cannot force them not to forward ports. But I will see if I can prevent
Docker from manipulating iptables as described in the very helpful link
below.

> If you need something more complex, here's some docs on how Docker
> interacts with iptables, and how you can insert rules into its chains:
>
> https://docs.docker.com/network/iptables/
>
> --keith

frank
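
For a host where users start their own containers, as described in this message, an audit of which containers publish ports on every host interface can be scripted. The following is an added example, not part of the original thread: the function names are hypothetical, the input is assumed to be tab-separated `docker ps --format` output, and the sample rows are constructed (only the postgres row mirrors the listing quoted above).

```shell
#!/bin/sh
# Added example (not from the thread): report containers whose published
# ports are bound to every host interface (0.0.0.0 or ::).
# Live use: docker ps --format '{{.Names}}\t{{.Ports}}' | find_wildcard_publishes

# find_wildcard_publishes (hypothetical helper name)
# stdin:  "name<TAB>ports" lines, ports as docker ps prints them
# stdout: "name<TAB>mapping" for each mapping bound to a wildcard address
find_wildcard_publishes() {
    awk -F '\t' '
    {
        n = split($2, maps, ", *")
        for (i = 1; i <= n; i++) {
            # Exposed-only ports ("443/tcp") have no "->" and are not published.
            if (maps[i] !~ /->/) continue
            # Wildcard binds: 0.0.0.0 (IPv4), :: or [::] (IPv6).
            if (maps[i] ~ /^(0\.0\.0\.0|::|\[::\]):/)
                printf "%s\t%s\n", $1, maps[i]
        }
    }'
}

# Constructed sample input; only the postgres row mirrors the thread.
sample_ps() {
    printf 'postgres\t0.0.0.0:5432->5432/tcp\n'
    printf 'web\t127.0.0.1:8080->80/tcp, 443/tcp\n'
    printf 'cache\t0.0.0.0:6379->6379/tcp, :::6379->6379/tcp\n'
    printf 'worker\t\n'
}

sample_ps | find_wildcard_publishes
```

Mappings bound to 127.0.0.1 or another specific host address are not reported, so the output is the list to compare against what the firewalld zones are meant to allow.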