I have a Debian 9 server running UFW, and I’d like to block all incoming requests except on port 2122 (SSH), and 80/443 (for HTTP(s)).
I ran the following commands:

```
ufw reset
ufw default deny incoming
ufw default allow outgoing
ufw allow incoming 2122/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw enable
```
Which compiles to:

```
ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
2122/tcp                   ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
2122/tcp (v6)              ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)
443/tcp (v6)               ALLOW IN    Anywhere (v6)
```
Seems like everything is fine, at least to me. But when I run a Docker container on port 2424 (or, really, any other port), I can still access http://domain.tld:2424, despite the firewall.
I tried rebooting, restarting iptables, … No dice.
Any suggestions? Thanks a lot!
Docker opens ports in the firewall itself, for any ports that are EXPOSEd by the running containers. These do not show up in ufw output, but can be viewed in
- Ensure that only ports that need to be accessible to the Internet are EXPOSEd.
- Use docker-compose to orchestrate the creation and running of multiple related containers. They can talk to each other without having to expose ports.
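
A check for the situation described in the answer above, added here as an example and not part of the original post: it compares the host ports Docker has published with the ports ufw allows and prints every published port that has no ufw ALLOW rule. The function name `ports_outside_ufw` and the sample `docker ps` and `ufw status` text are constructed for illustration.

```shell
#!/bin/sh
# Added example: list Docker-published host ports that ufw does not allow.
# Live input: docker ps --format '{{.Names}}\t{{.Ports}}' and ufw status.
# Both samples below are constructed so the check runs offline.
SAMPLE_DOCKER_PS='web    0.0.0.0:80->80/tcp, :::80->80/tcp
app    0.0.0.0:2424->2424/tcp, :::2424->2424/tcp
db     127.0.0.1:5432->5432/tcp
cache  6379/tcp'

SAMPLE_UFW_STATUS='Status: active

To                         Action      From
--                         ------      ----
2122/tcp                   ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere'

# ports_outside_ufw DOCKER_PS_TEXT UFW_STATUS_TEXT
# Prints "container host_port/proto" for each non-loopback mapping without a ufw ALLOW rule.
ports_outside_ufw() {
    printf '%s\n---\n%s\n' "$2" "$1" | awk '
        $0 == "---" && !docker { docker = 1; next }
        # ufw part: remember every port/proto that has an ALLOW rule.
        !docker { if ($2 == "ALLOW" && $1 ~ /^[0-9]+\/(tcp|udp)$/) allowed[$1] = 1; next }
        # docker part: first field is the container name, the rest is the Ports column.
        {
            name = $1; ports = $0; sub(/^[^ \t]+[ \t]+/, "", ports)
            n = split(ports, m, /, */)
            for (i = 1; i <= n; i++) {
                # Entries without "->" have no host port mapping; skip them.
                if (split(m[i], side, "->") != 2) continue
                # Loopback binds are not reachable from other hosts.
                if (side[1] ~ /^127\./ || side[1] ~ /^\[?::1\]?:/) continue
                hostport = side[1]; sub(/^.*:/, "", hostport)
                proto = side[2]; sub(/^.*\//, "", proto)
                key = hostport "/" proto
                if (!(key in allowed) && !seen[name " " key]++) print name, key
            }
        }'
}

ports_outside_ufw "$SAMPLE_DOCKER_PS" "$SAMPLE_UFW_STATUS"
```

On the constructed sample this reports only `app 2424/tcp`: the port 80 mapping matches a ufw rule, the database is bound to loopback, and the cache container has no host mapping.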
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.