0

When I deploy Docker Compose services, I found that the Docker containers are all on one bridged linux segment; this much is expected. However, sometimes I have had problems connecting from one linux Docker Compose bridged segment to other networks on the same linux system even though ip forwarding was enabled in the linux kernel.

How does Docker isolate bridged container segments from each other?

Improve this question

1 Answer 1

Reset to default
0

By default, Docker Compose uses dedicated iptables chains to isolate ingress and egress traffic to the bridged Docker segment.

You can see the rules applied to the Docker segment by checking iptables -L and look for the DOCKER-ISOLATION-* chains.

From a routing perspective, each Docker Compose bridge has a "routed gateway ip address" that is assigned to a linux bridge interface.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .