Just wondered if any one is using block lists for their docker containers.
IPSum publishes a great list of IPs worth blocking.
The thing is, I know docker networking interacts with iptables in a complex way such that the iptables INPUT chain is ignored.
The docker docs say you can put custom rules in DOCKER-USER chain, but my iptables knowledge isn’t great and I think I’m more likely to mess something up than to have any success.
The thing is, I’m sure that this is something loads of other people have encountered, and I’m sure there must be an easier way.