552

Context: Docker bypasses all UFW firewall rules (lemmy.world)

submitted 3 months ago* (last edited 3 months ago) by qaz@lemmy.world to c/programmer_humor@programming.dev

106 comments fedilink hide all child comments

Docker docs:

Docker routes container traffic in the nat table, which means that packets are diverted before it reaches the INPUT and OUTPUT chains that ufw uses. Packets are routed before the firewall rules can be applied, effectively ignoring your firewall configuration.

you are viewing a single comment's thread
view the rest of the comments

[-] qaz@lemmy.world 18 points 3 months ago

ufw just manages iptables rules, if docker overrides those it's on them IMO

[-] jwt@programming.dev 10 points 3 months ago

Feels weird that an application is allowed to override iptables though. I get that when it's installed with root everything's off the table, but still....

[-] MangoPenguin@lemmy.blahaj.zone 6 points 3 months ago

Linux lets you do whatever you want and that's a side effect of it, there's nothing preventing an app from messing with things it shouldn't.

[-] ryannathans@aussie.zone 3 points 3 months ago

If you give it root

[-] WhyJiffie@sh.itjust.works 3 points 3 months ago

there's nothing preventing an app from messing with things it shouldn't.

that's not exactly a linux specialty

[-] null@lemmy.nullspace.lol 3 points 3 months ago

It is decidedly weird, and it's something docker handles very poorly.

[-] null_dot@lemmy.dbzer0.com 6 points 3 months ago

Not really.

Both docker and ufw edit iptables rules.

If you instruct docker to expose a port, it will do so.

If you instruct ufw to block a port, it will only do so if you haven't explicitly exposed that port in docker.

Its a common gotcha but it's not really a shortcoming of docker.

[-] pressanykeynow@lemmy.world 1 points 3 months ago

iptables is deprecated for like a decade now, the fact that both still use it might be the source of the problem here.

this post was submitted on 29 Aug 2025

552 points (99.1% liked)

Programmer Humor

27690 readers

229 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 2 years ago

MODERATORS

Feyter@programming.dev

anzo@programming.dev

BurningTurtle@programming.dev

pylapp@programming.dev