I’ve recently learned that UFW firewall rules do not affect Docker containers. I am looking into learning firewall rules in depth, but in the meantime I want to make sure I don’t fuck something up, so here are a few questions:

1- On a host that drops all incoming connections (configured through UFW), if I have a container with only a single port mapping 127.0.0.1:8080:80, is there any way to access this container through the public internet? What about 8080:80 or no port mapping at all?

2- How do I drop all incoming connections to all Docker containers and do I need to do that? Similar to ufw default deny incoming?

3- Is there a way to see all incoming/outgoing connections of all containers?

Thanks in advance and any resource advice for securing docker for dummies is appreciated.

  • @monkeyman512
    39 hours ago

    Let’s say that yes, you pointed them to “networking”. The issue is that they have a specific problem and you are pointing to a topic so broad and deep with no specific direction. But you also say “it’s basic”. Well, if it truly is basic and they still don’t get it, this would be a clear indication that they need some level of hand holding. Last, if you’re feeling “that is a lot of work, I don’t want to do that”, no problem, you don’t have to. But in that situation I would suggest reviewing before commenting: Is it going to get the person closer to a solution? Is it encouraging to the person? Am I indicating I also have this problem, indicating someone else could step in and help multiple people at once? Is it funny? If it’s no on all those, maybe don’t comment.