Docker: Restricting in- and outbound network traffic

1 · André König · Oct. 10, 2017, 2:58 p.m.
Imagine a scenario in which you might have a stinky module deep in your dependency graph. A dependency that wants to do something evil – malware. "But I'm isolating everything in a Docker container at runtime!", you might say. Indeed, that helps when the evil module tries to mess with your filesystem or other host-related aspects. But what if the module wants to phone home? 🤔 I thought about that problem today and want to share my approach with you. Before I headed straight into tinkerin...