552

Context: Docker bypasses all UFW firewall rules (lemmy.world)

submitted 3 months ago* (last edited 3 months ago) by qaz@lemmy.world to c/programmer_humor@programming.dev

106 comments fedilink hide all child comments

Docker docs:

Docker routes container traffic in the nat table, which means that packets are diverted before it reaches the INPUT and OUTPUT chains that ufw uses. Packets are routed before the firewall rules can be applied, effectively ignoring your firewall configuration.

you are viewing a single comment's thread
view the rest of the comments

[-] False@lemmy.world 21 points 3 months ago

Explicitly binding certain ports to the container has a similar effect, no?

[-] doughless@lemmy.world 10 points 3 months ago

I still need to allow the ports in my firewall when using podman, even when I bind to 0.0.0.0.

[-] qaz@lemmy.world 3 points 3 months ago

Also when using a rootfull Podman socket?

[-] doughless@lemmy.world 5 points 3 months ago

I haven't tried rootful since I haven't had issues with rootless. I'll have to check on that and get back to you.

[-] doughless@lemmy.world 3 points 3 months ago

When running as root, I did not need to add the firewall rule.

[-] qaz@lemmy.world 2 points 3 months ago

Thanks for checking

[-] Static_Rocket@lemmy.world 4 points 3 months ago

It's better than nothing but I hate the additional logs that came from it constantly fighting firewalld.

this post was submitted on 29 Aug 2025

552 points (99.1% liked)

Programmer Humor

27690 readers

461 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 2 years ago

MODERATORS

Feyter@programming.dev

anzo@programming.dev

BurningTurtle@programming.dev

pylapp@programming.dev