Comment on Verifying & Validating a Docker Container
aksdb@lemmy.world 1 week ago
Well, a big advantage of containers is that you can isolate them pretty aggressively. So if you run a container that is supposed to serve content on a single HTTP port, expose only that port, mount no unnecessary volumes and run it on a network that blocks all outgoing traffic. Ideally the only thing left will be incoming traffic on the one port the service is supposed to serve.
usuarioimanol@lemmy.world 1 week ago
Block outgoing traffic: do you mean blocking it at my router, or at the level where I have the container hosted?
aksdb@lemmy.world 1 week ago
I'm talking purely about software. Add appropriate nftables rules to the container network and that’s it.
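
The setup described in this thread, as an added example that is not part of any commenter's post: a shell function that emits an nftables ruleset dropping connections initiated from one Docker bridge toward other networks or the host, while replies to inbound connections on the published port still pass. The network name `sealed`, bridge name `br-sealed`, table name `container_egress` and the port numbers are assumptions.

```shell
#!/bin/sh
# Added example. One-time setup, shown as comments (needs Docker and root);
# "sealed", "br-sealed", IMAGE and the ports are assumed names/values:
#   docker network create -o com.docker.network.bridge.name=br-sealed sealed
#   docker run -d --network sealed -p 8080:80 --read-only --cap-drop ALL IMAGE

# Print an nftables ruleset that blocks traffic initiated by containers
# attached to the given bridge interface.
egress_block_ruleset() {
    bridge=$1
    # The name is written into the ruleset verbatim, so accept only a
    # conservative character set and the kernel's 15-character limit.
    case $bridge in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface name" >&2; return 1 ;;
    esac
    [ "${#bridge}" -le 15 ] || { echo "interface name too long" >&2; return 1; }

    # "table; delete table; table {...}" makes re-applying idempotent.
    # A drop verdict is final in nftables, so these chains take effect
    # regardless of what Docker's own chains would accept.
    cat <<EOF
table inet container_egress
delete table inet container_egress
table inet container_egress {
    chain forward {
        type filter hook forward priority -10; policy accept;
        # Replies to connections that came in on the published port.
        iifname "$bridge" ct state established,related accept
        # Anything else leaving the bridge is a new outbound connection.
        iifname "$bridge" counter log prefix "sealed-egress: " drop
    }
    chain input {
        type filter hook input priority -10; policy accept;
        # Same policy for traffic from the container to the host itself.
        iifname "$bridge" ct state established,related accept
        iifname "$bridge" counter drop
    }
}
EOF
}

# Load the rules only when asked, e.g.:  APPLY=1 sh sealed.sh br-sealed
if [ "${APPLY:-0}" = 1 ]; then
    egress_block_ruleset "${1:-br-sealed}" | nft -f -
fi
```

After loading, `nft list table inet container_egress` shows the counters, which rise whenever the container attempts an outbound connection.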