How to block outbound network and internet access for a Docker container

Whether you want to prevent a Docker container from spying on your sensitive data with invasive telemetry or want to restrict internet access for security reasons, here is how to do it.

First you need to create an internal network:

$ docker network create --internal --subnet 172.19.0.0/16 no-internet

Then you can launch your container with this new no-internet network attached:

$ docker run -d --network no-internet --name my_container my/image:latest

Alternatively, you can detach an already running container from the bridge network and attach the new network:

$ docker network disconnect bridge my_container
$ docker network connect no-internet my_container
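
To confirm the result, the following added example (not part of the original post) checks that a container is attached only to internal networks: a container connected to no-internet but never disconnected from bridge still has outbound access. The function names are hypothetical; the docker inspect and docker network inspect --format calls are standard Docker CLI.

```shell
#!/bin/sh
# Added example: verify that a container has no network with an outbound route.

# Reads "network_name internal_flag" pairs on stdin, one per line, and prints
# every network that still allows egress.
# Returns 0 if all networks are isolated, 1 if any allows egress,
# 2 if no network was seen at all (e.g. the container does not exist).
# Constructed input for a dry run: printf 'bridge false\nno-internet true\n'
egress_networks() {
    found=0
    leaky=0
    while read -r name internal; do
        [ -n "$name" ] || continue
        found=1
        case "$name:$internal" in
            none:*) ;;                      # "none" driver: loopback only
            *:true) ;;                      # network created with --internal
            *)      echo "$name"; leaky=1 ;;
        esac
    done
    [ "$found" -eq 1 ] || return 2
    return "$leaky"
}

# Builds the "name internal" pairs for a real container via Go templates.
container_networks() {
    docker inspect --format \
        '{{range $net, $cfg := .NetworkSettings.Networks}}{{println $net}}{{end}}' "$1" |
    while read -r net; do
        [ -n "$net" ] || continue
        echo "$net $(docker network inspect --format '{{.Internal}}' "$net")"
    done
}

# Usage: check_container my_container
check_container() {
    if leaks=$(container_networks "$1" | egress_networks); then
        echo "OK: $1 is attached only to isolated networks"
    else
        # $leaks is left unquoted on purpose to join the names on one line.
        echo "WARNING: $1 is not isolated; egress via:" ${leaks:-"(no networks found)"}
        return 1
    fi
}
```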

Tags: programming, docker, devops
