I want to allow incoming port to 1 IP address #158
Replies: 2 comments
-
I'm assuming that the DB container that has port 1433 exposed is done so by mapping a container port to a host port. If so, you can control access to that port by specifying a 'mapped_port' rule. If the IP you want to be able to access port 1433 is on a local network you need to create a 'localhost' rule, otherwise you need to create an 'external' rule and specify the specific IP you want to be allowed. See the configuration reference on the README for more details.

As for allowing communication between containers in other docker compose files, I haven't tested that but I don't see why it wouldn't work. Whalewall blocks all traffic by default so you'll have to explicitly create 'output' rules allowing containers to talk to each other. When specifying the destination container, if it's in a different docker compose file you may need to prepend the directory the compose file is in to the container name as that's how docker compose names containers. Run 'docker ps' while the desired destination container is running to get the exact name.

I'm not 100% sure what you're trying to accomplish, but it sounds to me like you want to only restrict access to the mapped port 1433 and allow all other container traffic. If that's the case I think you'd be better off not using whalewall at all and simply just using an external firewall to control access to 1433. That would be the simplest solution by far. If you do wish to limit network access between containers though then using whalewall would be a good choice.
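An added example (not part of the reply above and not copied from the whalewall README) of the 'external' mapped-port rule the reply describes, for a client that is not on the local network. The service name, image, and the address 203.0.113.10 are constructed, and the label and rule keys are written as I understand the README's configuration reference, so check them against it before use.

```yaml
# Compose fragment: publish 1433 but let whalewall admit only one source IP.
services:
  db:                                   # hypothetical service name
    image: mcr.microsoft.com/mssql/server:2022-latest   # assumed image
    environment:
      ACCEPT_EULA: "Y"
      MSSQL_SA_PASSWORD: ${MSSQL_SA_PASSWORD}   # taken from the environment, not hardcoded
    ports:
      - "1433:1433"                     # container port mapped to a host port
    labels:
      whalewall.enabled: true
      whalewall.rules: |
        mapped_ports:
          # No 'localhost' rule is given, so only the 'external' rule below
          # opens the mapped port; whalewall blocks everything else by default.
          external:
            allow: true
            ips:
              - "203.0.113.10"          # constructed address of the one allowed client
        # No 'output' rules: this container may not initiate connections.
        # Containers that must reach the database need their own 'output'
        # rule naming this container (exact name from 'docker ps').
```

With the rule in place, a connection attempt to port 1433 from any other external address should be dropped, which is worth confirming from a second host.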
-
Hi thx for your extensive reply. Idea would be to block traffic from the outside of the containers, into the container, for port 1433. Meanwhile I was able to set the necessary firewall rules with also disabling iptables inside the docker containers.
-
Running a DB in a container (SQL).
1433 port is now exposed to everyone.
How can I allow communication between other docker(compose) files but only allow a certain IP address to connect to port 1433?