hlv_trinh

Why don't you just use the port mapping function of Docker? And let FirewallD control which source IPs are allowed to connect to that port?


Miguecraft

Because if I use the port mapping function of Docker, Firewalld cannot "block it", it becames completely open. You may be refering to do that with the daemon option "iptables" in false, and I don't know how that would affect the whole system, since docker has an integration with Firewalld, Firewalld is modifying nftables, docker is using a compatibility layer with iptables commands, [is not possible to prevent docker to writing to iptables](https://docs.docker.com/network/packet-filtering-firewalls/#prevent-docker-from-manipulating-iptables), and finally [there exists some gotchas with docker and nftables](https://www.going-flying.com/blog/docker-and-nftables.html). How do you guys manage dockers and its ports? You write iptables rules directly? You set it up in a VM and have a firewall handling the virtual network? I've spent hours during multiple days in this and can't make anything work (I mean anything easy to manage. Of course I can learn how it interacts with nftables and do it there, but that's a terrible solution that's also subject to breaking easily with updates in docker / iptables compatibility layer)