Restrict Docker access on the local network. Allow only Tailscale connections.

EpicAron
09-27-2023, 10:13 PM #1

I need to adjust your local network settings so that only Tailscale is allowed. Check your UFW configuration and ensure the appropriate port is open for Tailscale traffic. If you're using ChatGPT, confirm it's correctly referencing the right firewall rules. Let me know if you need further help.

AlexsWulf
09-28-2023, 09:00 PM #2

Consider the subnet settings carefully. If you need VMs or apps to target a specific subnet, you may have to assign them accordingly. The same applies to Docker—if the server is in one subnet while containers run elsewhere, you'll need to adjust accordingly. Blocking a default subnet like 192.168.1.0 involves setting rules in your firewall to deny that range (using 0 as a mask). Allowing traffic requires specifying the correct subnet. For configuration methods, you can use terminal commands or GUI tools; more details would help refine the guidance. If simplicity is key, YUNHOST could be a convenient option.

GoonerOliver
09-28-2023, 09:35 PM #3

I would assign this task to your router or firewall. Create a subnet on your firewall or set specific rules to block incoming traffic from the home network. You could even isolate it on a separate guest network with internet access only. Another option is to leave nothing visible on your home network from Docker, and instead run a Tailscale container on the same private Docker network that other containers use. (Docker-network allows connecting containers on a dedicated private subnet.)

VeraquinGaming
09-29-2023, 03:48 PM #4

Thank you for your reply. I realized I could simplify things by connecting Docker to the loopback address, then using Tailscale Serve to reach the needed resources on other devices.
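
The loopback approach in the last post only holds if every published container port is actually bound to 127.0.0.1, so here is an added example (not code from any poster in this thread) that audits the output of `docker ps --format '{{.Names}}\t{{.Ports}}'` and flags bindings reachable from the LAN. The sample data is constructed, and treating Tailscale's address ranges as "tailnet only" is an assumption about the host.

```python
import ipaddress
import re

# Assumption: addresses in Tailscale's ranges on this host belong to the tailnet interface.
TAILNET = [ipaddress.ip_network("100.64.0.0/10"),
           ipaddress.ip_network("fd7a:115c:a1e0::/48")]

# One published binding from the Ports column: <host-ip>:<host-port>-><container-port>/<proto>
BINDING = re.compile(r"^(?P<ip>.*):(?P<hport>[\d-]+)->(?P<cport>[\d-]+)/(?P<proto>\w+)$")

def classify(host_ip):
    """Return 'loopback', 'tailnet' or 'lan-reachable' for a published host address."""
    try:
        addr = ipaddress.ip_address(host_ip.strip("[]"))
    except ValueError:
        return "lan-reachable"  # unparsable address: fail closed and flag it
    if addr.is_loopback:
        return "loopback"
    if any(addr in net for net in TAILNET):
        return "tailnet"
    return "lan-reachable"  # includes the wildcards 0.0.0.0 and ::

def audit(docker_ps_output):
    """Return (container, binding, verdict) for every published port."""
    findings = []
    for line in docker_ps_output.strip().splitlines():
        name, _, ports = line.partition("\t")
        for entry in (p.strip() for p in ports.split(",")):
            m = BINDING.match(entry)
            if m is None:  # e.g. "5432/tcp": exposed by the image, not published on the host
                continue
            findings.append((name, entry, classify(m["ip"])))
    return findings

# Constructed sample output, not taken from the thread.
SAMPLE = (
    "webapp\t0.0.0.0:8080->80/tcp, :::8080->80/tcp\n"
    "notes\t127.0.0.1:3000->3000/tcp\n"
    "media\t100.101.102.103:8096->8096/tcp\n"
    "db\t5432/tcp\n"
)

if __name__ == "__main__":
    for name, entry, verdict in audit(SAMPLE):
        print(f"{verdict:14} {name:8} {entry}")
```

Any `lan-reachable` row is worth fixing at the container's port mapping itself, because Docker installs its own iptables rules for published ports and UFW rules on the host do not filter them by default.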