How to block traffic from a specific IP address with Docker enabled

12 Sep 2023 - Help improve this post

Using Docker can sometimes lead to an issue where all traffic routes through Docker via iptables, bypassing other layers such as NGINX. To mitigate this, you’ll need to introduce a specific rule in iptables targeting the DOCKER-USER chain.

Suppose you aim to block all incoming traffic from the IP address 1.2.3.4. Here’s how you can achieve that:

1. View Current iptables Rules

Begin by checking the existing rules. This will give you an overview and confirm the presence of the “Chain DOCKER-USER”:

sudo iptables -L -v -n

2. Add a Rule to Block the IP

Once you’ve verified the “Chain DOCKER-USER”, proceed to add a rule that blocks the desired IP address. To block traffic from 1.2.3.4, use the following command:

sudo iptables -I DOCKER-USER -s 1.2.3.4 -j DROP

After executing the above command, iptables will begin blocking traffic originating from the IP address 1.2.3.4.

It’s important that this DROP row is above other rows in iptables.

Happy coding! – Found a mistake or a typo? Please submit a PR to my GitHub-repo.

Adriaan's blog

How to block traffic from a specific IP address with Docker enabled

1. View Current iptables Rules

2. Add a Rule to Block the IP

Related Posts

How to block last history item in terminal on macOS 23 Nov 2023

Remove and redirect trailing slashes from URLs in Nuxt 3 29 Nov 2022

A simple loading animation component in Vue.js 05 Oct 2022