Hmm, not sure. I know with docker you can “mock” ports for the container, where the port the container sees is different than the port on the system. Maybe you can do something with that?
I can configure the containers in ways that don’t require ports to be published for the real network, but that’s always possible. It would still be nice to have a firewall that can block even those containers that try to publish their ports to the whole (real) network.
Hmm, not sure. I know with docker you can “mock” ports for the container, where the port the container sees is different than the port on the system. Maybe you can do something with that?
I can configure the containers in ways that don’t require ports to be published for the real network, but that’s always possible. It would still be nice to have a firewall that can block even those containers that try to publish their ports to the whole (real) network.