Commit 21f548f
Update ports section in services.md (#22368)
Explicitly state the dangers if a port mapping binds to all interfaces
## Description
<!-- Tell us what you did and why -->
We recently discovered that docker was bypassing our firewall rules when
forwarding ports from a container using the standard `<host
port>:<container port>` syntax. What this meant was that the container
was effectively visible to the entire internet. It was only after some
digging did we discover that it is possible and even recommended to
explicitly bind the host port to localhost so it doesn't accept
connections from everywhere. This PR updates the docs to explicitly
state the potential dangers of not specifying a localhost when exposing
docker container ports.
## Reviews
- [ ] Technical review
- [ ] Editorial review
- [ ] Product review
---------
Co-authored-by: Allie Sadler <102604716+aevesdocker@users.noreply.github.com>1 parent 5c73210 commit 21f548f
1 file changed
+6
-0
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1651 | 1651 | | |
1652 | 1652 | | |
1653 | 1653 | | |
| 1654 | + | |
| 1655 | + | |
| 1656 | + | |
| 1657 | + | |
1654 | 1658 | | |
1655 | 1659 | | |
1656 | 1660 | | |
| |||
1659 | 1663 | | |
1660 | 1664 | | |
1661 | 1665 | | |
| 1666 | + | |
| 1667 | + | |
1662 | 1668 | | |
1663 | 1669 | | |
1664 | 1670 | | |
| |||
0 commit comments