Comment on Got any security advice for setting up a locally hosted website/external service?
dgdft@lemmy.world 2 days ago
This is dangerous advice because docker is well-known for undoing UFW’s iptable rules.
Docker is going to undo your port iptable rules with or without ufw
Running `rm -rf ~` isn’t that hard to do either just don’t do it.
Your router’s NAT should save you if that happens on the wrong port anyway.
You shouldn’t suggest UFW at all then. There are other firewall options that can be used just fine with docker.
It does have real potential to cause serious issues, e.g. if OP were to put their server in DMZ mode on their router and later copy some docker setup instructions that don’t explicitly bind to localhost.
Please tell me more, which firewall would you recommend that plays nice with Docker?
No NAT? Hahaha that’s a big if, and why would you copy paste a docker compose without reading it?
> Please tell me more, which firewall would you recommend that plays nice with Docker?
Firewalld
> No NAT?
Another user in this thread suggested DMZing, so combine your advice with theirs and boom. It’s not uncommon. Most people don’t knowingly choose to use a firewall that they don’t intend to work, like you would.
> why would you copy paste a docker compose without reading it?
There’s more than one way to use docker. Spinning up an official mysql image using the official `docker run` OR `docker compose` call suggested by the docs would start up a server wide open to the entire internet if DMZ’d.
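The exchange above turns on whether a published port is bound to localhost. As an added example (not from the thread or from Docker's own tooling), this check classifies `docker run -p` / Compose short-syntax port strings by host bind address. It assumes Docker's default bind address of 0.0.0.0; the function names and the sample service list are constructed for illustration.

```python
import ipaddress

def parse_publish(spec):
    """Split '[HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO]' into its parts."""
    spec, _, proto = spec.partition("/")
    host_ip = None
    if spec.startswith("["):                  # bracketed IPv6 host address
        host_ip, _, spec = spec[1:].partition("]:")
    parts = spec.split(":")
    if host_ip is None and len(parts) == 3:   # IPv4 host address given
        host_ip = parts.pop(0)
    if len(parts) > 2 or not parts[-1]:
        raise ValueError(f"unrecognised port mapping: {spec!r}")
    host_port = (parts[0] or None) if len(parts) == 2 else None
    return host_ip, host_port, parts[-1], proto or "tcp"

def exposure(spec):
    """Return 'loopback', 'single-address' or 'all-interfaces' for one mapping."""
    host_ip = parse_publish(spec)[0]
    if host_ip is None:
        # Assumption: daemon default, so no host IP means 0.0.0.0.
        return "all-interfaces"
    addr = ipaddress.ip_address(host_ip)
    if addr.is_loopback:
        return "loopback"
    return "all-interfaces" if addr.is_unspecified else "single-address"

def audit(services):
    """List (service, mapping, exposure) for every mapping not bound to loopback."""
    return [(name, spec, exposure(spec))
            for name, ports in services.items()
            for spec in ports
            if exposure(spec) != "loopback"]

# Constructed sample: service name -> port strings as they would appear
# under 'ports:' in a compose file or after '-p' on the command line.
SAMPLE = {
    "db":      ["3306:3306"],                      # typical copy-pasted form
    "admin":   ["127.0.0.1:8080:80"],              # explicitly local only
    "cache":   ["6379"],                           # random host port, all interfaces
    "metrics": ["[::1]:9100:9100"],                # IPv6 loopback
    "web":     ["0.0.0.0:443:443/tcp"],
    "vpn":     ["192.168.1.10:51820:51820/udp"],   # one LAN address
}

if __name__ == "__main__":
    for name, spec, kind in audit(SAMPLE):
        print(f"{name}: {spec} -> {kind}")
```

Mappings reported as `all-interfaces` are the ones the thread is arguing about: they are reachable on every address the host has, so they are the entries to review before relying on a host firewall or router NAT.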
NastyNative@mander.xyz 1 day ago
Do not open those ports; hosting is way too cheap now to take that risk!