prevent Docker from exposing port on host

If i start a container using -p 80 for example, docker will assign a random outbound port.

Everytime Docker assign a port, it also add an iptable rule to open this port to the world, is it possible to prevent this behaviour ?

  • Running impala sql script from Docker file
  • How to define OpenJDK 8 in CentOS based Dockerfile?
  • how to clear cache memory inside docker container
  • Artifactory: using NetScaler as a reverse proxy for Docker
  • Disable docker image being run as daemon (restart always policy)
  • fork/exec ./debug: operation not permitted
  • Note : I am using a nginx load balancer to get the content, I really don’t need to have my application associated with two different port.

  • Docker ignores iptable rules when using “-p <port>:<port>”
  • Dockerized Angular 4, Django and postgresql - Process exited with status 127, error code=H10 desc=“App crashed”
  • what's the docker pattern of serving both static and dynamic content
  • Docker images for application packaging
  • What is the difference between volumes-from and volumes?
  • Docker non-root access: Error loading config file:stat /home/wu/.docker/config.json
  • 2 Solutions collect form web for “prevent Docker from exposing port on host”

    You can specify both interface and port as follows:

    -p ip:hostPort:containerPort


    -p ip::containerPort

    Another solution is to run nginx inside container and to use conteiner linking without exposing other services whatsoever.

    The iptable feature is a startup parameter for the docker demon. Look for the docker demon conf file in your docker installation. Add –iptables=false and docker never touches your iptables.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.