Why does UFW not block the ports that have been exposed using docker?

docker firewall ufw

Solution 1:

It looks like

Docker tampers directly with IPTables

. It is possible to override this behavior by adding --iptables=false to to the Docker daemon.

Edit /etc/default/docker and uncomment the DOCKER_OPTS line:

DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4 --iptables=false"

The author concluded the following:

  • UFW doesn’t tell you iptables true state (not shocking, but still).
  • Never use the -p option (or -P) in Docker for something you don’t want to be public.
  • Only bind on either the loopback interface or an internal IP.

Related

Is it possible to serve static html from php-fpm?
"That heresies should arise, we have the prophesie of Christ..."
Verb for refusing to share an item
What is the common expression to describe position starting from the last one?
Usage and meaning of the word "Ragging" in India
Does "wobble" sound negative?
Word for "exploding error"?
What do you call it when someone assumes the job of someone else who is out on vacation?
is it possible to provide a single word for describing an item that would need to be replaced over time [closed]
Adjective to describe something that is not rushed
Word for a person at a company who is in charge of my data
What would you call it when an aunt complains about her nephew in front of his mom to needle her?