add docker support

Bug #1860677 reported by Alex Garel
This bug affects 3 people

Affects: docker - Status: New, Importance: Undecided, Assigned to: Unassigned
Affects: ufw - Status: Triaged, Importance: Wishlist, Assigned to: Unassigned

Bug Description

https://bugs.launchpad.net/bugs/1717648 reports the lack of support for docker as a bug. The reply asks to deal with it in before.rules, which is fine.

That said, the goal of ufw being to help users deal with the firewall in a simple way, and as docker is very popular, it would be cool to support it.

I see this as ufw interacting with the DOCKER-USER chain in the way it does now with INPUT. The functionality could be switched on/off by configuration (even if having rules in DOCKER-USER without docker does no harm). There would be a default policy on docker (deny by default), and you could add rules. I imagine it by adding a docker tag to the actual [incoming|outgoing|routed].

This is for an upcoming release of ufw.
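A defender-side check of the deny-by-default DOCKER-USER policy proposed above, added here as an example and not code from ufw or from the reporter. It parses a dump in the format of `iptables -S DOCKER-USER` and reports whether traffic that matches no explicit exception is dropped (deny by default) or returned to Docker's own ACCEPT rules, which is the bypass the later comments describe. The chain contents are constructed samples, not captured from a real host.

```python
"""Audit a DOCKER-USER chain dump in `iptables -S DOCKER-USER` format.

Docker jumps to DOCKER-USER before its own FORWARD rules, so a chain whose
only unconditional rule is `-j RETURN` (Docker's default) hands every
published port to Docker's ACCEPT rules regardless of ufw.  A chain whose
unconditional rule is DROP enforces deny-by-default; specific RETURN/ACCEPT
rules placed before it are the allowed exceptions.
"""
import shlex

# Constructed sample dumps (not captured from a real host).
DEFAULT_CHAIN = "-N DOCKER-USER\n-A DOCKER-USER -j RETURN\n"
HARDENED_CHAIN = (
    "-N DOCKER-USER\n"
    "-A DOCKER-USER -i docker0 -j RETURN\n"  # traffic originating in containers
    "-A DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j RETURN\n"
    "-A DOCKER-USER -s 10.0.0.0/8 -p tcp -m tcp --dport 8080 -j RETURN\n"
    "-A DOCKER-USER -j DROP\n"
)
MISORDERED_CHAIN = (
    "-N DOCKER-USER\n"
    "-A DOCKER-USER -j DROP\n"
    "-A DOCKER-USER -s 10.0.0.0/8 -j RETURN\n"  # never reached
)

def parse_rules(dump):
    """Return [(match_expression, target)] for each '-A DOCKER-USER' line."""
    rules = []
    for line in dump.splitlines():
        tokens = shlex.split(line)
        if tokens[:2] != ["-A", "DOCKER-USER"]:
            continue
        if "-j" in tokens:
            j = tokens.index("-j")
            rules.append((" ".join(tokens[2:j]), tokens[j + 1]))
        else:
            rules.append((" ".join(tokens[2:]), None))  # match-only rule
    return rules

def audit(dump):
    rules = parse_rules(dump)
    fate, dead = "RETURN", 0  # an empty chain falls back into FORWARD
    for i, (match, target) in enumerate(rules):
        if match == "":  # the first unconditional rule decides the rest
            fate, dead = target, len(rules) - i - 1
            break
    exceptions = sum(1 for m, t in rules if m and t in ("RETURN", "ACCEPT"))
    return {"default": fate,
            "deny_by_default": fate in ("DROP", "REJECT"),
            "exceptions": exceptions,
            "dead_rules": dead}
```

Run it against the live output of `iptables -S DOCKER-USER` on a host after installing docker to see whether the chain still carries only Docker's default RETURN.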

Jamie Strandboge (jdstrand) wrote :

It might be possible to do this, but ufw doesn't currently integrate with other software in that manner. At a minimum, we could add information to the man page for this though.

Changed in ufw:
importance: Undecided → Wishlist
status: New → Triaged
Jelle Besseling (jellebigbridge) wrote :

> It might be possible to do this, but ufw doesn't currently integrate with other software in the manner.

I think to keep firewalls uncomplicated it would suit ufw well to integrate with docker. Currently it's quite complicated to set correct firewall rules when docker is running. It's even harder to combine this with ufw.

Ufw should help fix this problem by adding docker functionality.

Sylvain Viart (sylvain-viart) wrote (last edited):

It could be seen as a *security issue*, in my opinion.

If a server or a user is expecting to block things behind a ufw install, and then he/she installs docker with its defaults, it will bypass the existing firewall configuration, exposing things that were blocked previously.

Without any notification.

Available ref:

- https://docs.docker.com/engine/network/packet-filtering-firewalls/#docker-and-ufw - warning on docker side
- https://github.com/chaifeng/ufw-docker - some script and fixes on ufw side
- https://stackoverflow.com/questions/30383845/what-is-the-best-practice-of-docker-ufw-under-ubuntu
- https://github.com/moby/moby/discussions/45524 - discussion on docker side

obviously things get very complicated here... 😉

Mohamad Fazeli (caci96) wrote : Re: [Bug 1860677] Re: add docker support

This happened to me once, hence I opened the issue. Fortunately it was on my own laptop.

On Tue, Aug 20, 2024 at 7:28 PM Sylvain Viart <email address hidden> wrote:

> It could be seen as a *security issue*, in my opinion.
>
> If a server or a user is expecting to block thing behind ufw install.
> And then he/she install docker with its default, it will bypass the
> existing firewall configuration. So exposing thing that was blocked
> previously.
>
> Without any notification.
>
> Available ref:
>
> -
> https://docs.docker.com/engine/network/packet-filtering-firewalls/#docker-and-ufw
> - https://github.com/chaifeng/ufw-docker
> -
> https://stackoverflow.com/questions/30383845/what-is-the-best-practice-of-docker-ufw-under-ubuntu
>
> obviously things get very complicated here... 😉
