552

Context: Docker bypasses all UFW firewall rules (lemmy.world)

submitted 3 months ago* (last edited 3 months ago) by qaz@lemmy.world to c/programmer_humor@programming.dev

106 comments fedilink hide all child comments

Docker docs:

Docker routes container traffic in the nat table, which means that packets are diverted before it reaches the INPUT and OUTPUT chains that ufw uses. Packets are routed before the firewall rules can be applied, effectively ignoring your firewall configuration.

you are viewing a single comment's thread
view the rest of the comments

[-] MasterNerd@lemmy.zip 12 points 3 months ago

I mean if you're hosting anything publicly, you really should have a dedicated firewall

[-] ohshit604@sh.itjust.works 1 points 3 months ago

have a dedicated firewall

I mean, don’t router firewalls count in this regard? Isn’t that kinda part of their job?

[-] qaz@lemmy.world 1 points 3 months ago

Do you mean a hardware firewall?

[-] MasterNerd@lemmy.zip 2 points 3 months ago

Basically yeah, though I didn't specify hardware because of how often virtualization is done now

[-] qaz@lemmy.world 1 points 3 months ago

The VPS I'm using unfortunately doesn't offer an external firewall

[-] MasterNerd@lemmy.zip 2 points 3 months ago

Well, if you have the option you could set up a virtual network through the VPS and have a box with pfsense or something to route all traffic through. Take this with a grain of salt - I've seen this done but never done it fully myself.