Docker ignores ufw with the default settings

Bug #1717648 reported by Kayvan Sylvan on 2017-09-16
This bug affects 4 people

Bug Description

$ sudo ufw --version
ufw 0.35
Copyright 2008-2015 Canonical Ltd.

$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 9.1 (stretch)
Release: 9.1
Codename: stretch

The issue is described fully here: https://github.com/moby/moby/issues/4737

In a nutshell, Docker sets up tables and rules in the DOCKER table and FORWARD table to facilitate routing to containers. This effectively bypasses `ufw` rules if, for example, you have an nginx container running on your machine and are trying to stop bots from scanning your website by running `ufw` commands to deny that traffic.

I'm asking if you can make some modification to `ufw` to be aware of Docker's setup and work with it?

As you can tell from the GitHub issue referenced above, on the Docker side, this has remained a problem for a few years. I'm hoping that maybe the `ufw` folks can address it in a way that you can run Docker in its standard configuration, and have `ufw` put its rules at the beginning of the queue of rules that Docker uses.


summary: - ufw and Docker do not work well together
+ Docker ignores ufw with the default settings
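
An added example (not part of the original report, and not code from ufw or Docker): a shell check that reads `iptables-save` output, lists the ports Docker has published through DNAT rules, and flags those whose port-based ufw deny rule sits only in `ufw-user-input`, a chain on the INPUT path that forwarded container traffic does not traverse. The dump, the addresses and the status labels are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of iptables-save output (not captured from a real host).
sample_dump() {
  cat <<'EOF'
*nat
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.17.0.2:80
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 172.17.0.3:443
COMMIT
*filter
:FORWARD DROP [0:0]
:DOCKER - [0:0]
:ufw-user-input - [0:0]
-A FORWARD -o docker0 -j DOCKER
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 80 -j DROP
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Reads an iptables-save dump on stdin. Prints one line per published port:
#   proto/port  container-ip:port  status
docker_ufw_report() {
  awk '
    /^\*/ { table = substr($0, 2); next }   # "*nat", "*filter" start a table
    $1 != "-A" { next }                     # only rule lines matter here
    {
      proto = port = dest = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        if ($i == "--dport") port = $(i + 1)
        if ($i == "--to-destination") dest = $(i + 1)
      }
    }
    # Docker publishes a port as a DNAT rule in the nat table DOCKER chain.
    table == "nat" && $2 == "DOCKER" && dest != "" { published[proto "/" port] = dest }
    # Port-based ufw deny/reject rules land in ufw-user-input (INPUT path).
    table == "filter" && $2 == "ufw-user-input" && /-j (DROP|REJECT)/ { denied[proto "/" port] = 1 }
    END {
      for (k in published)
        print k, published[k], ((k in denied) ? "UFW_DENY_NOT_APPLIED" : "NO_UFW_RULE")
    }' | LC_ALL=C sort
}

sample_dump | docker_ufw_report
```

On a live host, pipe `sudo iptables-save` into `docker_ufw_report` in place of the sample dump; source-address-only ufw rules are outside what this check covers.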