I’ve recently learned that UFW firewall rules do not affect Docker containers. I am looking into learning firewall rules in depth but in the meantime I want make sure I don’t fuck something up, so here are a few questions:
1- On a host that drops all incoming connections, if I have a container with only a single port mapping 127.0.0.1:8080:80
is there any way to access this container through the public internet, what about 8080:80
or no port mapping at all?
2- How do I drop all incoming connections to all Docker containers and do I need to do that? Similar to ufw default deny incoming
?
3- Is there a way to see all incoming/outgoing connections of all containers?
Thanks in advance and any resource advice for securing docker for dummies is appreciated.
tux7350@lemmy.world 6 days ago
Oh boy I went down this same rabbit hole awhile ago. Here is a git repository that will explain why this happens and also offers a fix on how to modify your IP tables to ensure that docker respects the UFW.
Docker and UFW