cxmcc / ecsctl

kubectl-style command line tool for AWS EC2 Container Service (ECS)

customizing docker daemon to listen on internal addresses

dvizzini opened this issue · comments

Thank you so much for writing this repo.

An interactive shell would be invaluable to me, but I cannot figure out what you mean by "customizing docker daemon to listen on internal addresses."

I see the command iptables --insert INPUT 1 --in-interface docker+ --protocol tcp --destination-port MYDOCKERPORT --jump DROP here. Should I run my docker command with a -p MYDOCKERPORT option? Should I run the iptables command on my laptop? Would this allow me to interactively exec into a container in ECS?

Thank you.

-Daniel Vizzini

@dvizzini The command is a security enhancement for the containers.

To allow you to execute commands into a container, the container instances need to listen on a port to allow communicating with the docker daemon API on the container instances from your computer.

Thanks.
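A check for the setup discussed in this thread, as an added example that is not code from ecsctl or from either poster: it audits a container instance's dockerd `-H` listen addresses and its `iptables-save` output for the DROP rule quoted in the question. The function names, port 2375 and address 10.0.1.15 are assumptions made for illustration.

```python
import ipaddress
import re
import shlex

def _opt(tokens, flag):
    """Value that follows `flag` in a tokenized rule, or None."""
    return tokens[tokens.index(flag) + 1] if flag in tokens[:-1] else None

def has_container_drop(iptables_save, port):
    """True if an INPUT rule drops TCP to `port` arriving on docker+ interfaces.
    Rule order and other chains are not evaluated."""
    for line in iptables_save.splitlines():
        t = shlex.split(line)
        if t[:2] != ["-A", "INPUT"] or "!" in t:  # skip negated matches
            continue
        if (_opt(t, "-i") == "docker+" and _opt(t, "-p") == "tcp"
                and _opt(t, "--dport") == str(port) and _opt(t, "-j") == "DROP"):
            return True
    return False

def audit_docker_api(hosts, iptables_save):
    """Findings for a list of dockerd -H values plus iptables-save output."""
    findings, ports = [], set()
    for host in hosts:
        m = re.fullmatch(r"tcp://([^:/]+):(\d+)", host)
        if not m:
            continue  # unix:// and fd:// sockets; bracketed IPv6 is not handled here
        ports.add(int(m.group(2)))
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            findings.append(f"{host}: not an IP literal, check what it resolves to")
            continue
        if ip.is_unspecified:
            findings.append(f"{host}: API listens on every interface")
        elif not (ip.is_private or ip.is_loopback):
            findings.append(f"{host}: API listens on a non-internal address")
    for port in sorted(ports):
        if not has_container_drop(iptables_save, port):
            findings.append(f"port {port}: containers can reach the API (no DROP on docker+)")
    return findings

# Constructed sample input: port 2375 and 10.0.1.15 are assumptions.
RULES = "*filter\n:INPUT ACCEPT [0:0]\n-A INPUT -i docker+ -p tcp -m tcp --dport 2375 -j DROP\nCOMMIT\n"

if __name__ == "__main__":
    print(audit_docker_api(["unix:///var/run/docker.sock", "tcp://10.0.1.15:2375"], RULES))
    print(audit_docker_api(["tcp://0.0.0.0:2375"], "*filter\nCOMMIT\n"))
```

An empty list means the daemon is bound only to internal addresses and the DROP rule for container-side interfaces is present.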