Re: PostgreSQL port accessible even though it should be blocked by firewall




Frank Thommen wrote:
> On 10/29/2018 08:43 PM, Keith Keller wrote:
>
>> On 2018-10-29, Frank Thommen <list.centos@xxxxxxxxxx> wrote:
>>
>>>
>>> PostgreSQL is running in a docker container:
>>>
>>>
>>> $ docker ps
>>> CONTAINER ID   IMAGE      COMMAND                  CREATED      STATUS      PORTS                    NAMES
>>> 6f11fc41d2f0   postgres   "docker-entrypoint..."   4 days ago   Up 4 days   0.0.0.0:5432->5432/tcp   postgres
>>> $
>>>
>>>
>>> The various docker interfaces and virtual bridges are not assigned to
>>>  any specific zone.
>>>
>>> Why is port 5432/tcp open?
>>>
>>
>> It may be Docker manipulating the iptables rules.  If you don't want it
>>  open at all, remove the port argument from the docker run command line
>>  (or moral equivalent) and recreate the container (make sure you have
>> saved your data first, either with a volume mount or by dumping first).
>
> Unfortunately I can't control how users start their containers and I
> cannot force them not to forward ports.  But I will see if I can prevent
> Docker from manipulating iptables as described in the very helpful link
> below.
>
<snip>
There is a security level, but it would break some user's docker packages.

The more I learn about docker, the more I actively dislike it as a massive
security hole.

        mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
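
For a host where users start their own containers, as in the thread above, one way to spot published ports like the `0.0.0.0:5432->5432/tcp` entry is to audit the PORTS column for wildcard binds. This is an added example, not part of the original messages; the function names are hypothetical and the input is assumed to be `name<TAB>ports` lines as produced by `docker ps --format '{{.Names}}\t{{.Ports}}'`.

```shell
#!/bin/sh
# Added example: list containers that publish a port on all host interfaces.
# Assumed input: one line per container, "name<TAB>ports".

# Constructed sample input so the script runs without Docker installed.
sample_ps() {
    printf 'postgres\t0.0.0.0:5432->5432/tcp, :::5432->5432/tcp\n'
    printf 'local-only\t127.0.0.1:8080->80/tcp\n'
    printf 'unpublished\t5432/tcp\n'
    printf 'web6\t[::]:8443->443/tcp\n'
}

# Reads "name<TAB>ports" on stdin, prints "name<TAB>host-bind<TAB>container-port"
# for every mapping bound to the IPv4 or IPv6 wildcard address.
find_wildcard_publishes() {
    awk -F '\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            # "5432/tcp" without "->" is only exposed, not published on the host.
            if (m !~ /->/) continue
            split(m, side, "->")
            addr = side[1]
            # Drop the trailing ":port" or ":port-range" to get the bind address.
            sub(/:[0-9-]+$/, "", addr)
            if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
                print $1 "\t" side[1] "\t" side[2]
        }
    }'
}

# Use live data when Docker is present, otherwise the constructed sample.
if command -v docker >/dev/null 2>&1 && docker ps >/dev/null 2>&1; then
    docker ps --format '{{.Names}}\t{{.Ports}}' | find_wildcard_publishes
else
    sample_ps | find_wildcard_publishes
fi
```

Mappings bound to 127.0.0.1 and ports that are only exposed are not reported, since neither is reachable from other hosts through the published-port rules.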


