I’ve recently learned that UFW firewall rules do not affect Docker containers. I am looking into learning firewall rules in depth but in the meantime I want make sure I don’t fuck something up, so here are a few questions:

1- On a host that drops all incoming connections (configured through UFW), if I have a container with only a single port mapping 127.0.0.1:8080:80 is there any way to access this container through the public internet, what about 8080:80 or no port mapping at all?

2- How do I drop all incoming connections to all Docker containers and do I need to do that? Similar to ufw default deny incoming?

3- Is there a way to see all incoming/outgoing connections of all containers?

Thanks in advance and any resource advice for securing docker for dummies is appreciated.

    • monkeyman512@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      20 days ago

      Let’s say that yes, you pointed them to “networking”. The issue is that they have a specific problem and you are pointing to a topic so broad and deep with no specific direction. But you also say “it’s basic”. Well if it truly is basic and they still don’t get it, this would be a clear indication that they need some level of hand holding. Last if your feeling “that is a lot of work, I don’t want to do that” no problem you don’t have to. But in that that situation I would suggest reviewing before commenting: is it going to get the person closer to a solution? Is encouraging to the person? Am I indicating I also have this problem indicating someone else could step in and help multiple people at once? Is it funny? If it’s no on all those, maybe don’t comment.