this post was submitted on 29 Aug 2025
547 points (99.1% liked)

Programmer Humor

26123 readers
540 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
anzo@programming.dev
Feyter@programming.dev
BurningTurtle@programming.dev
pylapp@programming.dev
547
Context: Docker bypasses all UFW firewall rules (lemmy.world)
submitted 5 days ago* (last edited 5 days ago) by qaz@lemmy.world to c/programmer_humor@programming.dev
105 comments fedilink hide all child comments
 

Docker docs:

Docker routes container traffic in the nat table, which means that packets are diverted before it reaches the INPUT and OUTPUT chains that ufw uses. Packets are routed before the firewall rules can be applied, effectively ignoring your firewall configuration.

you are viewing a single comment's thread
view the rest of the comments
[–] False@lemmy.world 21 points 5 days ago (2 children)

Explicitly binding certain ports to the container has a similar effect, no?

[–] doughless@lemmy.world 9 points 5 days ago (1 children)

I still need to allow the ports in my firewall when using podman, even when I bind to 0.0.0.0.

[–] qaz@lemmy.world 3 points 5 days ago (2 children)

Also when using a rootfull Podman socket?

[–] doughless@lemmy.world 3 points 4 days ago (1 children)

When running as root, I did not need to add the firewall rule.

[–] qaz@lemmy.world 2 points 4 days ago

Thanks for checking

[–] doughless@lemmy.world 4 points 5 days ago

I haven't tried rootful since I haven't had issues with rootless. I'll have to check on that and get back to you.

[–] Static_Rocket@lemmy.world 4 points 5 days ago

It's better than nothing but I hate the additional logs that came from it constantly fighting firewalld.