Deep Security 11.2 supports scanning Docker network traffic with the firewall and IPS. However, the default firewall rules block K8s and Swarm network traffic.
Customers therefore need to add rules that let K8s communication traffic, the traffic Swarm requires, and export service traffic through.
Add the following firewall rules: the first table allows K8s communication traffic, the second the traffic Swarm requires.
Name | Action Type | Priority | Direction | Frame Type | Protocol | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|---|---|---|---|---|
HTTP Incoming TCP 80 Destination Port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | N/A | Any | 80 |
HTTP Outgoing TCP 80 Source Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | 80 | Any | Any |
K8s Incoming TCP 10054 Port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | Any | Any | 10054 |
K8s Outgoing TCP 10054 Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 10054 |
K8s Outgoing TCP 443 Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 443 |
K8s Incoming TCP 6443 Port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | Any | Any | 6443 |
K8s Outgoing TCP 6443 Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 6443 |
K8s Incoming TCP 8081 Port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | Any | Any | 8081 |
K8s Outgoing TCP 8081 Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 8081 |
K8s Outgoing UDP 8472 Port | Force Allow | 0 - Lowest | Outgoing | IP | UDP | Any | Any | Any | 8472 |
K8s Outgoing UDP 8285 Port | Force Allow | 0 - Lowest | Outgoing | IP | UDP | Any | Any | Any | 8285 |
K8s Incoming UDP 8285 Port | Force Allow | 0 - Lowest | Incoming | IP | UDP | Any | Any | Any | 8285 |
Name | Action Type | Priority | Direction | Frame Type | Protocol | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|---|---|---|---|---|
HTTP Incoming TCP 80 Destination Port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | N/A | Any | 80 |
HTTP Outgoing TCP 80 Source Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | 80 | Any | Any |
Swarm Outgoing TCP 443 Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 443 |
Swarm Incoming TCP 2377;60012 Port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | 60012 | Any | 2377 |
Swarm Outgoing TCP 2377;60012 Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | 2377 | Any | 60012 |
Swarm Incoming TCP 7946 Port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | 7946 | Any | 7946 |
Swarm Outgoing TCP 7946 Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | 7946 | Any | 7946 |
Swarm Incoming TCP 4789 Port | Force Allow | 0 - Lowest | Incoming | IP | UDP | Any | Any | Any | 4789 |
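As an added example (not Trend Micro's code and not part of the original page), the script below parses the rule rows from both tables and evaluates a few constructed sample flows against them, reporting which flows have a matching Force Allow rule as the tables are written. It assumes the matching semantics implied by the columns (direction, protocol, source port and destination port, with Any and N/A as wildcards) and ignores Frame Type and the IP columns, which are IP and Any in every row; the flow labels and the sample source ports are constructed.

```python
"""Evaluate sample flows against the K8s and Swarm Force Allow rules above.
Added example, not Trend Micro's code. Matching on direction, protocol and the
two port columns (Any / N/A as wildcards) is an assumption drawn from the table.
"""
from dataclasses import dataclass
from typing import List, Optional

# Rule rows copied from the two tables on this page (the shared HTTP rows once).
RULE_TABLE = """
Name | Action Type | Priority | Direction | Frame Type | Protocol | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|---|---|---|---|---|
HTTP Incoming TCP 80 Destination Port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | N/A | Any | 80 |
HTTP Outgoing TCP 80 Source Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | 80 | Any | Any |
K8s Incoming TCP 10054 Port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | Any | Any | 10054 |
K8s Outgoing TCP 10054 Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 10054 |
K8s Outgoing TCP 443 Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 443 |
K8s Incoming TCP 6443 Port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | Any | Any | 6443 |
K8s Outgoing TCP 6443 Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 6443 |
K8s Incoming TCP 8081 Port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | Any | Any | 8081 |
K8s Outgoing TCP 8081 Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 8081 |
K8s Outgoing UDP 8472 Port | Force Allow | 0 - Lowest | Outgoing | IP | UDP | Any | Any | Any | 8472 |
K8s Outgoing UDP 8285 Port | Force Allow | 0 - Lowest | Outgoing | IP | UDP | Any | Any | Any | 8285 |
K8s Incoming UDP 8285 Port | Force Allow | 0 - Lowest | Incoming | IP | UDP | Any | Any | Any | 8285 |
Swarm Outgoing TCP 443 Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 443 |
Swarm Incoming TCP 2377;60012 Port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | 60012 | Any | 2377 |
Swarm Outgoing TCP 2377;60012 Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | 2377 | Any | 60012 |
Swarm Incoming TCP 7946 Port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | 7946 | Any | 7946 |
Swarm Outgoing TCP 7946 Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | 7946 | Any | 7946 |
Swarm Incoming TCP 4789 Port | Force Allow | 0 - Lowest | Incoming | IP | UDP | Any | Any | Any | 4789 |
"""


@dataclass(frozen=True)
class Rule:
    name: str
    action: str
    direction: str           # "incoming" or "outgoing"
    protocol: str            # "TCP" or "UDP"
    src_port: Optional[int]  # None means Any / N/A
    dst_port: Optional[int]


def _port(field: str) -> Optional[int]:
    """Turn a port cell into an int, or None for the wildcard values."""
    return None if field.upper() in ("ANY", "N/A") else int(field)


def parse_rules(table: str) -> List[Rule]:
    """Parse the markdown rows, skipping the header and separator lines."""
    rules = []
    for line in table.strip().splitlines():
        cols = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cols) != 10 or cols[0] in ("Name", "---"):
            continue
        name, action, _prio, direction, _frame, proto, _sip, sport, _dip, dport = cols
        rules.append(Rule(name, action, direction.lower(), proto.upper(),
                          _port(sport), _port(dport)))
    return rules


def matching_rules(rules: List[Rule], direction: str, protocol: str,
                   src_port: int, dst_port: int) -> List[Rule]:
    """Return every rule whose direction, protocol and ports match the flow."""
    def port_ok(want: Optional[int], got: int) -> bool:
        return want is None or want == got
    return [r for r in rules
            if r.direction == direction.lower() and r.protocol == protocol.upper()
            and port_ok(r.src_port, src_port) and port_ok(r.dst_port, dst_port)]


def is_force_allowed(rules: List[Rule], direction: str, protocol: str,
                     src_port: int, dst_port: int) -> bool:
    """True when at least one matching rule carries the Force Allow action."""
    return any(r.action == "Force Allow"
               for r in matching_rules(rules, direction, protocol, src_port, dst_port))


# Constructed sample flows: (label, direction, protocol, source port, destination port).
SAMPLE_FLOWS = [
    ("kube-apiserver request arriving on TCP 6443", "incoming", "TCP", 51234, 6443),
    ("VXLAN overlay packet leaving on UDP 8472", "outgoing", "UDP", 40000, 8472),
    ("VXLAN overlay packet arriving on UDP 8472", "incoming", "UDP", 40000, 8472),
    ("Swarm 2377 arriving from source port 60012", "incoming", "TCP", 60012, 2377),
    ("Swarm 2377 arriving from an ephemeral port", "incoming", "TCP", 51234, 2377),
    ("Swarm overlay packet arriving on UDP 4789", "incoming", "UDP", 40000, 4789),
    ("SSH arriving on TCP 22 (not in the tables)", "incoming", "TCP", 51234, 22),
]


def check_flows(rules: List[Rule]) -> dict:
    """Map each sample flow label to whether a Force Allow rule matches it."""
    return {label: is_force_allowed(rules, d, p, s, t)
            for label, d, p, s, t in SAMPLE_FLOWS}


if __name__ == "__main__":
    rules = parse_rules(RULE_TABLE)
    print(f"{len(rules)} rules parsed")
    for label, d, p, s, t in SAMPLE_FLOWS:
        hits = matching_rules(rules, d, p, s, t)
        verdict = "FORCE ALLOW" if is_force_allowed(rules, d, p, s, t) else "NO RULE    "
        print(f"{verdict} {label}: {', '.join(r.name for r in hits) or 'none'}")
```

The script checks only the rule rows on this page; the agent's stateful connection tracking and any other rules in the assigned policy still decide what the firewall does at runtime. The report does make one detail of the tables visible: the Swarm 2377 rule matches only when the source port is 60012, exactly as the Source Port column specifies, so a flow from an ephemeral source port gets no Force Allow from these rows.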