Restrict access to a docker machine

I have got an nginx docker container and I want only some IP addresses to be able to access it.
How can I make that possible from Rancher?

What is the best practice to make a Rancher machine secure? (about networking)

For your information, it is not yet possible to communicate only via some private network interfaces (Is it possible to select on which network interface open ports?).
One option is to restrict access via some configuration external to docker (ufw or iptables directly), and you must set the --iptables=false option in your /etc/default/docker config file (but you will have to manage every docker communication).
Hope it helps,
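
The external-firewall option from the reply above, as an added example that is not part of the thread: a POSIX shell generator that prints iptables commands allowing one published port only from listed IPv4 sources. It assumes Docker runs with --iptables=false and serves the port through its userland proxy on the host, so the INPUT chain applies; the ALLOW-<port> chain name and any addresses passed to it are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): print iptables commands that allow a
# published container port only from listed IPv4 sources.
# Assumption: Docker runs with --iptables=false and the port is served on the
# host by Docker's userland proxy, so the INPUT chain sees the traffic.
# The ALLOW-<port> chain name is a constructed, hypothetical naming scheme.

# valid_cidr ADDR: succeed for dotted-quad IPv4 with an optional /0-32 prefix.
valid_cidr() {
  addr=${1%%/*}
  case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
  case $prefix in ''|*[!0-9]*) return 1 ;; esac
  [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
  case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# gen_rules PORT CIDR...: validate every input first, then print the rules,
# so one bad entry never yields a partial (more permissive) rule set.
gen_rules() {
  [ $# -ge 2 ] || { echo "usage: gen_rules PORT CIDR..." >&2; return 1; }
  port=$1; shift
  case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
  [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
    { echo "bad port: $port" >&2; return 1; }
  for src in "$@"; do
    valid_cidr "$src" || { echo "bad source: $src" >&2; return 1; }
  done
  chain=ALLOW-$port
  echo "iptables -N $chain"                        # dedicated chain per port
  for src in "$@"; do
    echo "iptables -A $chain -s $src -j ACCEPT"    # allowlisted sources
  done
  echo "iptables -A $chain -j DROP"                # everyone else
  # Hook the chain into INPUT last, once it is fully populated.
  echo "iptables -I INPUT -p tcp --dport $port -j $chain"
}

# Print rules only when arguments are given; review them before applying.
if [ $# -gt 0 ]; then gen_rules "$@"; fi
```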


No other way?

Doing it manually in iptables is hard, especially with many containers running.

I’ve found this 🙂

Starting with Docker 1.2 you can now run your image with parameters --cap-add=NET_ADMIN --cap-add=NET_RAW which will allow internal iptables.

So, will it work OK in my scenario?