I’ve recently learned that UFW firewall rules do not affect Docker containers. I am looking into learning firewall rules in depth but in the meantime I want make sure I don’t fuck something up, so here are a few questions:

1- On a host that drops all incoming connections (configured through UFW), if I have a container with only a single port mapping 127.0.0.1:8080:80 is there any way to access this container through the public internet, what about 8080:80 or no port mapping at all?

2- How do I drop all incoming connections to all Docker containers and do I need to do that? Similar to ufw default deny incoming?

3- Is there a way to see all incoming/outgoing connections of all containers?

Thanks in advance and any resource advice for securing docker for dummies is appreciated.

  • monkeyman512@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    20 days ago

    Let’s say that yes, you pointed them to “networking”. The issue is that they have a specific problem and you are pointing to a topic so broad and deep with no specific direction. But you also say “it’s basic”. Well if it truly is basic and they still don’t get it, this would be a clear indication that they need some level of hand holding. Last if your feeling “that is a lot of work, I don’t want to do that” no problem you don’t have to. But in that that situation I would suggest reviewing before commenting: is it going to get the person closer to a solution? Is encouraging to the person? Am I indicating I also have this problem indicating someone else could step in and help multiple people at once? Is it funny? If it’s no on all those, maybe don’t comment.