Docker 101: Limiting the communication between containers

We start by creating our containers and checking their IP addresses, as below:


And "containerB":

Let's see if our containers "containerA" and "containerB" can communicate.

We try to ping "containerB" from "containerA":

We try the same from "containerB":

As we can see, Docker allows communication between its containers by default. We can disable that using the "--icc" flag in the default Docker configuration file.

We set the "--icc" flag to "false" and also set the "--iptables" flag, which lets Docker manipulate the host's iptables rules.

To be able to modify these flags, we stop the Docker service using the command below:

Then we set the parameters below, usually in the default Docker file "/etc/default/docker":

Finally, we restart Docker using the command below:

We can now check the iptables rules to see whether Docker added any "DROP" rules to the host iptables to stop communication between the containers:
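
One way to automate that check is shown here as an added example, not a command from the original post: a small shell function that reads `iptables -S` output and reports whether bridge-to-bridge traffic is dropped or accepted. It assumes the default bridge interface is named docker0 and that the rule has both `-i` and `-o` set to that bridge; the function name and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Classifies inter-container
# communication (ICC) on a Docker bridge from `iptables -S` output.
# Assumption: the default bridge interface is named docker0.

# icc_status [BRIDGE]: reads `iptables -S` rules on stdin, prints
# "blocked", "allowed" or "unknown"; exit status is 0 only for "blocked".
icc_status() {
    icc_bridge=${1:-docker0}
    icc_verdict=$(awk -v br="$icc_bridge" '
        $1 == "-A" {
            in_if = ""; out_if = ""; target = ""
            for (i = 3; i < NF; i++) {
                # A leading "!" negates the match, so it is not bridge-to-bridge
                neg = ($(i - 1) == "!") ? "!" : ""
                if ($i == "-i") in_if = neg $(i + 1)
                if ($i == "-o") out_if = neg $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            # The first bridge-to-bridge rule with a verdict decides the result
            if (in_if == br && out_if == br && verdict == "") {
                if (target == "DROP") verdict = "blocked"
                else if (target == "ACCEPT") verdict = "allowed"
            }
        }
        END { print (verdict == "" ? "unknown" : verdict) }
    ')
    echo "$icc_verdict"
    [ "$icc_verdict" = "blocked" ]
}

# Constructed sample rules: FORWARD chain with ICC disabled ...
SAMPLE_ICC_OFF='-P FORWARD DROP
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j DROP'

# ... and with the default setting, where the same rule is ACCEPT.
SAMPLE_ICC_ON='-P FORWARD DROP
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT'

printf 'icc disabled sample: '
printf '%s\n' "$SAMPLE_ICC_OFF" | icc_status docker0 || true
printf 'default sample:      '
printf '%s\n' "$SAMPLE_ICC_ON" | icc_status docker0 || true

# On a real host (as root): iptables -S | icc_status docker0
```

The "unknown" result means no bridge-to-bridge rule was found at all, which is worth investigating in its own right, since it usually indicates Docker is not managing iptables on that host.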

