I’ve recently learned that UFW firewall rules do not affect Docker containers. I am looking into learning firewall rules in depth but in the meantime I want make sure I don’t fuck something up, so here are a few questions:
1- On a host that drops all incoming connections (configured through UFW), if I have a container with only a single port mapping 127.0.0.1:8080:80 is there any way to access this container through the public internet, what about 8080:80 or no port mapping at all?
2- How do I drop all incoming connections to all Docker containers and do I need to do that? Similar to ufw default deny incoming?
3- Is there a way to see all incoming/outgoing connections of all containers?
Thanks in advance and any resource advice for securing docker for dummies is appreciated.
telling someone asking these questions to read up on networking is the same as telling someone who’s asking why they can’t fly in the air to “just” read up on physics
Then maybe you’re not equipped to be attempting this. It’s basic networking.
If I ask and invite an electrician out to my house and proceed to tell him how I can just do it all myself, I deserve the horrible outcome.
DF.
I think the important factor is that you have contributed nothing of value to help this person learn. You could have linked to a useful resources, you have suggested Google searches to point in the correct direction. But you basically said “This is easy, RTFM”. Next time at least send them the manual they should read.
I pointed them right to the problem. Please explain how that isn’t helping?