Network firewalling
Docker has always had the mantra of security first. This philosophy had a direct influence on how networking in a single and multihost Docker environment was designed and implemented. Software-defined networks are easy and cheap to create, yet they perfectly firewall containers that are attached to this network from other non-attached containers, and from the outside world. All containers that belong to the same network can freely communicate with each other, while others have no means to do so:
Docker networks
In the preceding image, we have two networks called front and back. Attached to the front network, we have containers c1 and c2, and attached to the back network, we have containers c3 and c4. c1 and c2 can freely communicate with each other, as can c3 and c4. But c1 and c2 have no way to communicate with either c3 or c4, and vice versa.
Now what about the situation where we have an application consisting of three services, webAPI, productCatalog, and database? We...