whalewall
Automate management of firewall rules for Docker containers (by capnspacehook)
trafficjam
A Docker firewall for your reverse proxy network (by kaysond)
whalewall | trafficjam | |
---|---|---|
6 | 5 | |
185 | 123 | |
- | - | |
7.8 | 0.0 | |
7 days ago | 5 months ago | |
Go | Shell | |
BSD 3-clause "New" or "Revised" License | - |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
whalewall
Posts with mentions or reviews of whalewall.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-05-11.
-
Docker developers discuss changes in how ports are to be forwarded into containers
It took me a long time to notice this issue, and I've found this as a possible solution. Working on deploying it, and will see how it goes.
-
Self hosted security recommendations
Look into ufw (or iptables/nftables if you want to go deeper) to restrict outbound network access. Note though that Docker containers won't respect host firewall rules by default, so I created whalewall to easily manage container firewall rules: https://github.com/capnspacehook/whalewall
- Any experience with ufw-docker?
- Whalewall v0.2.0 released
- Whalewall – Easily mange firewall rules for Docker containers
-
Whalewall - easily manage firewall rules for Docker containers
I recently found out that Docker containers ignore any host-based firewall rules by default and wanted a solution to restrict container traffic. This weekend I finally finished a project to do just that: https://github.com/capnspacehook/whalewall
trafficjam
Posts with mentions or reviews of trafficjam.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-09-17.
-
One traefik network or traefik on every network?
This is always a security vs convenience battle. Some time ago someone mentioned trafficjam https://github.com/kaysond/trafficjam which might be the solution for this. This way you can easily create one traefik network and let trafficjam take care of the firewall rules on this network so you container on that network are only allowed to talk to traefik.
-
Whalewall - easily manage firewall rules for Docker containers
Awesome! I did something similar, for a much more specific use case (isolate containers on a shared reverse proxy network) using bash (makes reading the code very easy). See https://github.com/kaysond/trafficjam
- Beta announcement: trafficjam - a Docker firewall for your reverse proxy network
-
Nginx reverse proxy manager and many docker-compose stacks: Best practices?
Or you can try this containerized firewall I wrote to address this very problem: https://github.com/kaysond/traefikjam You put your reverse proxy and all your web containers on one network, then the firewall daemon adds iptables rules to prevent containers from talking to each other except the reverse proxy can talk to everything.
What are some alternatives?
When comparing whalewall and trafficjam you can also consider the following projects:
ufw-docker-automated - Manage docker containers firewall with UFW!
swarmsible - Ansible based Tooling and production grade example Docker Stacks. Updated with new learnings from running Docker Swarm in production
pfDeploy - Deploy your pf configuration in a FreeBSD VM.
ufw-docker - To fix the Docker and UFW security flaw without disabling iptables
Moby - The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
hub - Main repository for crowdsec scenarios/parsers