You’re probably already aware of this, but if you run Docker on linux and use ufw or firewalld - it will bypass all your firewall rules. It doesn’t matter what your defaults are or how strict you are about opening ports; Docker has free reign to send and receive from the host as it pleases.

If you are good at manipulating iptables there is a way around this, but it also affects outgoing traffic and could interfere with the bridge. Unless you’re a pointy head with a fetish for iptables this will be a world of pain, so isn’t really a solution.

There is a tool called ufw-docker that mitigates this by manipulating iptables for you. I was happy with this as a solution and it used to work well on my rig, but for some unknown reason its no-longer working and Docker is back to doing its own thing.

Am I missing an obvious solution here?

It seems odd for a popular tool like Docker - that is also used by enterprise - not to have a pain-free way around this.

  • MangoPenguin@lemmy.blahaj.zoneEnglish
    41·
    5 hours ago

    It doesnt actually bypass the firewall.

    When you tell docker to expose a port on 0.0.0.0 its just doing what you ask of it.

    • jobbies@lemmy.zipOPEnglish
      14·
      2 hours ago

      Wow that’s so helpfull!! Not low-effort at all! You’re so clever!!