Docker and iptables firewall

Docker works without extra configuration when no firewall is running on the host machine: containers can communicate with each other and with the outside world. With a firewall running, we need to set up rules that allow traffic to and from the Docker interface. The steps below show how to configure the firewall for Docker on a CentOS server.

First, find the Docker interface and its IP address. We can do that using the ifconfig command:

Here the interface name is docker0. Now we can set up firewall rules using the iptables command:

With these rules set up, Docker containers can now talk to each other and the outside world.
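As an added example (not code from the original post), the shell functions below print, and as root idempotently apply, one possible rule set for the docker0 bridge. The uplink name eth0, the subnet 172.17.0.0/16 and the function names are assumptions; substitute the values ifconfig reports on your host.

```shell
#!/bin/sh
# Added example: print, or idempotently apply, a FORWARD/NAT rule set for a Docker bridge.
# Assumed values (not from the post): uplink eth0, subnet 172.17.0.0/16.

# Accept only plain interface names, so nothing else can reach a command line.
valid_name() { case "$1" in ""|*[!A-Za-z0-9_.-]*) return 1 ;; esac; }

# Loose IPv4 CIDR shape check: digits, dots and a prefix length.
valid_cidr() {
    case "$1" in
        *[!0-9./]*) return 1 ;;
        [0-9]*.*/[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# docker_fw_rules BRIDGE UPLINK SUBNET
# Prints one iptables argument list per line; returns 2 on bad input.
docker_fw_rules() {
    valid_name "$1" && valid_name "$2" && valid_cidr "$3" || return 2
    br=$1 up=$2 net=$3
    # In order: container to container, container to outside,
    # reply traffic only from outside, source NAT for outbound traffic.
    cat <<EOF
-t filter -A FORWARD -i $br -o $br -j ACCEPT
-t filter -A FORWARD -i $br -o $up -j ACCEPT
-t filter -A FORWARD -i $up -o $br -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-t nat -A POSTROUTING -s $net ! -o $br -j MASQUERADE
EOF
}

# docker_fw_apply BRIDGE UPLINK SUBNET   (needs root)
# -C asks iptables whether the rule already exists, so re-running adds no duplicates.
docker_fw_apply() {
    rules=$(docker_fw_rules "$@") || return
    printf '%s\n' "$rules" | while read -r rule; do
        check=$(printf '%s\n' "$rule" | sed 's/ -A / -C /')
        # Unquoted on purpose: each validated line is split into separate arguments.
        iptables $check 2>/dev/null || iptables $rule
    done
}

# Dry run: review the rules before applying them.
docker_fw_rules docker0 eth0 172.17.0.0/16
```

The third rule admits only reply traffic from the uplink, so new inbound connections to containers are not accepted by this set.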

If you use CSF (Config Server Firewall), a custom chain with these rules can be added to file, like below:

And then reload the firewall rules using the command below:


Hi there,

Really nice post. Thanks for that.

How can I specify the gateway for my containers? I want to route the container traffic via a private_ip NIC, or certain outgoing connections to internal IPs (from containers) need to go via the private IP NIC. Any idea how I could achieve this via iptables?
