for deploying new things
Indeed. Personally, I don't like containers (and particularly dislike Docker) but if it were an old application that can't be rebuilt and thus has to have a legacy platform ...
Harishk wrote: ↑2024/02/22 12:09:59
external url to be whitelisted
A container is merely one or more processes on the host (which presumably is not CentOS 7).
On all(?) EL systems the host has the firewall set to:
Inbound: allow minimal set of services, e.g. ssh
Outbound: allow everything
A "whitelist" implies an outbound ruleset:
to X in list allow
to * deny
While the default outbound ruleset is:
to * allow
In other words, "everyone" is on the list. Do you really want to limit where your processes in the container can connect to?
Harishk wrote: ↑2024/02/22 12:09:59
python3, pip,nodejs,npm
Sounds like there might be things that are not on any yum repository. Even the yum repositories (for CentOS 7) tend to have mirrors, which means that their IP addresses do change (all the time) and are many. Add all the other services and your whitelist gets long.
Besides, firewall rules tend to match on IP addresses, not names. URLs do usually have names (for "humans").
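
The two rulesets sketched in the reply above, as an added example that is not part of the original post: it builds a "to X allow, to * deny" list by resolving names once, then checks it against a later DNS answer to show how the list goes stale. The host names, the addresses (documentation ranges) and both DNS snapshots are constructed for illustration.

```python
import ipaddress

# Constructed DNS snapshots: the same hypothetical mirror name answers with
# different addresses at rule-build time and later.
ALLOWED_NAMES = ["mirror.example.org", "pypi.example.org"]
DNS_AT_RULE_BUILD = {
    "mirror.example.org": ["192.0.2.10", "192.0.2.11"],
    "pypi.example.org": ["198.51.100.20"],
}
DNS_LATER = {
    "mirror.example.org": ["192.0.2.11", "203.0.113.5"],  # one mirror rotated
    "pypi.example.org": ["198.51.100.20"],
}

# Default outbound ruleset from the post: to * allow
DEFAULT_OUTBOUND = [(ipaddress.ip_network("0.0.0.0/0"), "allow")]

def build_whitelist(names, dns):
    """Resolve each name once; emit per-address allows, then 'to * deny'."""
    rules = [(ipaddress.ip_network(addr + "/32"), "allow")
             for name in names for addr in dns[name]]
    rules.append((ipaddress.ip_network("0.0.0.0/0"), "deny"))
    return rules

def verdict(rules, dest):
    """First matching rule wins; the firewall only ever sees an address."""
    ip = ipaddress.ip_address(dest)
    for net, action in rules:
        if ip in net:
            return action
    return "deny"

def now_blocked(names, rules, dns_now):
    """(name, address) pairs a listed name resolves to now but rules deny."""
    return sorted((n, a) for n in names for a in dns_now[n]
                  if verdict(rules, a) == "deny")

def orphaned_allows(names, rules, dns_now):
    """Allowed addresses that no listed name resolves to any more."""
    current = {ipaddress.ip_address(a) for n in names for a in dns_now[n]}
    return sorted(str(net.network_address) for net, action in rules
                  if action == "allow" and net.prefixlen == 32
                  and net.network_address not in current)

if __name__ == "__main__":
    rules = build_whitelist(ALLOWED_NAMES, DNS_AT_RULE_BUILD)
    print("blocked after rotation:", now_blocked(ALLOWED_NAMES, rules, DNS_LATER))
    print("stale allow entries:  ", orphaned_allows(ALLOWED_NAMES, rules, DNS_LATER))
```

With only two names and one rotated mirror, the list already denies a legitimate destination and still allows an address that no listed name uses.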