Docker Snippets
Restrict Network Can be useful when using a third-party image that we do not trust Run with no network docker run --network none <image> Run with private isolated network At least containers attached to this network can talk with another docker network create --internal my_isolated_network docker run --network my_isolated_network <image> Block using firewall e.g. using iptables or ipfw # Get container's IP docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' <container_name> # Block all outbound connections from that IP sudo iptables -I DOCKER-USER -s <container_ip> -j DROP ...