Topics on this page
Container firewall rules
If you are using the Deep Security Agent version 11.2 or later to protect containers that communicate over an overlay network, you may need to add a number of firewall rules to allow network traffic for the Swarm services because the default firewall rules block that traffic.
| Name | Action Type | Priority | Direction | Frame Type | Protocol | Source IP | Source Port | Destination IP | Destination Port |
| HTTP incoming TCP 80 destination port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | N/A | Any | 80 |
| HTTP outgoing TCP 80 source port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | 80 | Any | Any |
| Swarm outgoing TCP 443 port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 443 |
| Swarm incoming TCP 2377, 4789, 7946, 60012 port | Force Allow | 0 - Lowest | Incoming | IP | TCP+UDP | Any | Any | Any | 2377, 4789, 7946, 60012 |
| Swarm outgoing TCP 2377, 4789, 7946, 60012 port | Force Allow | 0 - Lowest | Outgoing | IP | TCP+UDP | Any | 2377, 4789, 7946, 60012 | Any | Any |