this post was submitted on 29 Aug 2025
549 points (99.1% liked)

Programmer Humor

26135 readers
1121 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
anzo@programming.dev
Feyter@programming.dev
BurningTurtle@programming.dev
pylapp@programming.dev
549
Context: Docker bypasses all UFW firewall rules (lemmy.world)
submitted 1 week ago* (last edited 1 week ago) by qaz@lemmy.world to c/programmer_humor@programming.dev
106 comments fedilink hide all child comments
 

Docker docs:

Docker routes container traffic in the nat table, which means that packets are diverted before it reaches the INPUT and OUTPUT chains that ufw uses. Packets are routed before the firewall rules can be applied, effectively ignoring your firewall configuration.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] grrgyle@slrpnk.net 1 points 4 days ago* (last edited 4 days ago) (1 children)

This was on a VPS (remote) where I didn't realise Docker was even capable of punching through UFW. I assumed (incorrectly) that if a port wasn't reversed proxied in my nginx config, then it would remain on localhost only.

Just run docker run -p 27017:27017 mongo:latest on a VPS and check the default collections after a few hours and you'll likely find they're replaced with a ransom message.

[โ€“] firelizzard@programming.dev 2 points 4 days ago

Ah, when you said local I assumed you meant your physical device