Add an iptable and ufw note in Docker hardening guide #273

Open
thebigbone opened this issue Aug 21, 2024 · 2 comments
Labels
[c] update existing Existing content updates (beyond trivial fixes)

Comments

@thebigbone

There is no mention of the fact that Docker adds a bunch of iptables rules which can interfere with the original firewall settings.

Additionally, if you are using ufw alone for applying firewall settings, it will definitely override all the rules that you add.

The solutions to it are either using the ufw-docker project or limiting the exposure of the containers to loopback addresses (127.0.0.1) instead of running them on all addresses (0.0.0.0).
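
One way to audit a host for the exposure described in this issue, as an added example that is not part of the issue thread or the project's guide: it parses text in the shape of `docker ps --format '{{.Names}}\t{{.Ports}}'` and lists every published port whose host address is not loopback, for IPv4 and IPv6 alike. The function name, container names and sample output are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of:
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# The IPv6 wildcard is shown both unbracketed (":::") and bracketed ("[::]:").
SAMPLE = """\
web\t0.0.0.0:8080->80/tcp, :::8080->80/tcp
db\t127.0.0.1:5432->5432/tcp
cache\t6379/tcp
metrics\t[::]:9100->9100/tcp
admin\t[::1]:9000->9000/tcp
"""


def non_loopback_bindings(docker_ps_output):
    """Return (container, host_ip, host_port, container_port) for every
    published port that is bound to something other than loopback."""
    findings = []
    for line in docker_ps_output.splitlines():
        name, _, ports = line.partition("\t")
        for entry in (p.strip() for p in ports.split(",")):
            if "->" not in entry:
                continue  # exposed only (or empty): not published on the host
            host_side, container_side = entry.split("->", 1)
            # rpartition keeps IPv6 colons on the address side:
            # ":::8080" -> ("::", "8080"), "[::]:9100" -> ("[::]", "9100")
            host_ip, _, host_port = host_side.rpartition(":")
            host_ip = host_ip.strip("[]")
            try:
                loopback = ipaddress.ip_address(host_ip).is_loopback
            except ValueError:
                loopback = False  # unrecognised form: report it, do not skip
            if not loopback:
                findings.append((name, host_ip, host_port, container_side))
    return findings


if __name__ == "__main__":
    for name, ip, hport, cport in non_loopback_bindings(SAMPLE):
        print(f"{name}: {ip}:{hport} -> {cport} is reachable beyond loopback")
```

Ports flagged here are the ones to republish on a loopback address such as `127.0.0.1:8080:80`, or to cover with the ufw-docker rules mentioned above.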

@TommyTran732
Member

It's weird too cuz a lot of times it overrides this for IPv4 but not IPv6

@wj25czxj47bu6q
Member

@Wonderfall Do you plan on tackling this, or would you like someone else to do it?

@wj25czxj47bu6q wj25czxj47bu6q added the [c] update existing Existing content updates (beyond trivial fixes) label Oct 30, 2024