wqpcopy.blogg.se

Ufw flag

By default, Docker works with iptables without the user having to create complicated iptables rules. If your Docker container ports are exposed and bypass all UFW rules, that is expected, because Docker manipulates iptables when it creates a container.

If you don't want Docker creating iptables rules, or you are using UFW, you need to configure them properly so that they work together. There are two ways to prevent Docker exposing itself with iptables.

Prevent Docker from manipulating iptables

According to Docker's guides, it is possible to set the iptables key to false in the Docker engine's configuration file at /etc/docker/daemon.json.

Add the following to the end of /etc/ufw/les.

You can achieve that by running the command below:

    echo $(ip route get 8.8.8.8 | awk - '')

Replace eth0 with the interface name you got from the previous step.

    -A DOCKER-USER -p udp -m udp --sport 53 --dport 1024:65535 -j RETURN
    -A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 192.168.0.0/16
    -A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 10.0.0.0/8
    -A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 172.16.0.0/12
    -A ufw-docker-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix " "

Remove "iptables": "false" from /etc/docker/daemon.json.

Make sure DEFAULT_FORWARD_POLICY="DROP" in /etc/default/ufw.

If you ever add any Docker-related rules to /etc/ufw/les, remove them.

You can allow port access to all containers or to a specific container.

    sudo ufw route allow proto tcp from any to any port 8080

Allow public access to port 80 for container with private address 172.17.0.3
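An added example, not from the original page: a Python check that takes the contents of /etc/default/ufw, /etc/docker/daemon.json and the UFW rules file and reports where they deviate from the settings listed on this page. The function name audit and the sample inputs are assumptions constructed for illustration.

```python
import json
import re

# Private ranges that the page's DOCKER-USER rules send to ufw-docker-logging-deny.
PRIVATE_NETS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def audit(default_ufw, daemon_json, ufw_rules):
    """Return a list of findings for the three settings the page says to check."""
    findings = []
    # 1. DEFAULT_FORWARD_POLICY must be DROP (last uncommented assignment wins).
    policy = None
    for line in default_ufw.splitlines():
        m = re.match(r'\s*DEFAULT_FORWARD_POLICY=["\']?(\w+)', line)
        if m:
            policy = m.group(1)
    if policy != "DROP":
        findings.append(f"DEFAULT_FORWARD_POLICY is {policy!r}, expected 'DROP'")
    # 2. daemon.json must not disable Docker's iptables handling (bool or string).
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    if isinstance(cfg, dict) and str(cfg.get("iptables", "")).lower() == "false":
        findings.append('daemon.json still sets "iptables" to false')
    # 3. Each private range needs a DOCKER-USER rule that jumps to
    #    ufw-docker-logging-deny with that range as its -d destination.
    covered = set()
    for line in ufw_rules.splitlines():
        parts = line.split()
        jumps = parts[:2] == ["-A", "DOCKER-USER"] and "ufw-docker-logging-deny" in parts
        if jumps and "-d" in parts[:-1]:
            covered.add(parts[parts.index("-d") + 1])
    for net in PRIVATE_NETS:
        if net not in covered:
            findings.append(f"no DOCKER-USER deny rule for {net}")
    return findings


# Constructed sample inputs (not taken from a real host).
SAMPLE_DEFAULT_UFW = 'DEFAULT_INPUT_POLICY="DROP"\nDEFAULT_FORWARD_POLICY="ACCEPT"\n'
SAMPLE_DAEMON_JSON = '{"iptables": false}'
SAMPLE_RULES = """\
-A DOCKER-USER -p udp -m udp --sport 53 --dport 1024:65535 -j RETURN
-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 192.168.0.0/16
-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 10.0.0.0/8
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_DEFAULT_UFW, SAMPLE_DAEMON_JSON, SAMPLE_RULES):
        print("FINDING:", finding)
```

On a real host, pass the three files' contents read with root privileges; an empty result means all three settings match the page.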










