# IP allowlist for the enclosing context (not shown here): only loopback and
# the Docker subnet are admitted. nginx evaluates allow/deny rules in order and
# stops at the first match, so `deny all;` must stay the last rule.
# NOTE(review): the rules match the client address as nginx sees it. Behind a
# reverse proxy or load balancer that is the proxy's address unless the real
# client IP is restored (realip module); if it is, confirm set_real_ip_from
# lists only trusted proxies, since the allowlist then depends on that header.
# IPv4 loopback only: connections arriving from ::1 are not matched here and
# fall through to `deny all;`.
allow 127.0.0.1/32;  # localhost
# Every address in this /24 is trusted, not a single container.
# NOTE(review): confirm the range matches the actual Docker network and is no
# wider than needed.
allow 10.10.10.0/24; # docker network
# Default-deny: anything not matched above is rejected.
deny all;