capnspacehook / whalewall

Automate management of firewall rules for Docker containers
BSD 3-Clause "New" or "Revised" License

Doesn't work in my nodejs app #219

Open lucius100 opened 4 months ago

lucius100 commented 4 months ago

Usually it works in other Docker apps. I have my own Docker Node.js app, and somehow it doesn't work.

Here is my configuration:

    labels:
      whalewall.enabled: 'true'
      whalewall.rules: |
        mapped_ports:
          localhost:
            allow: false
          external:
            allow: true
            ips:
              - "whitelist-ip"
        output:
          proto: tcp
          dst_ports:
            - 15386

Is the only way to see the log in /var/log/kern.log? I want to troubleshoot, but it feels so hard. My app connects to an external Redis on port 15386.

I can still access my app on my-ip:3306 (my app is on port 3306). Access via mydomain.com also works, but access via the exposed port also works: instead of allowing only whitelist-ip, any IP can access the app via my-ip:3306.

lucius100 commented 4 months ago

I just found an error in my whalewall:

    2024-07-04T09:51:47.430127335Z ERR msg=error creating rules container.id=05e666fa316d container.name=docker-app error=error parsing rules: yaml: unmarshal errors:
      line 1: cannot unmarshal !!seq into whalewall.config stacktrace=github.com/capnspacehook/whalewall.(*RuleManager).createRules
        github.com/capnspacehook/whalewall/create.go:63
    github.com/capnspacehook/whalewall.(*RuleManager).Start.func1
        github.com/capnspacehook/whalewall/manager.go:118

lucius100 commented 3 months ago

Pls, can somebody help? @capnspacehook
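
The error in the log above, `cannot unmarshal !!seq into whalewall.config`, is the Go YAML decoder reporting that the document it received starts with a sequence, whereas the configuration as posted starts with a mapping (`mapped_ports:`). The added example below (not part of the issue thread or the whalewall project) reads `docker inspect` JSON and reports the top-level shape of each container's `whalewall.rules` label as Docker stored it. The sample JSON, the container names and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `docker inspect` output (not from the issue);
# only the fields this check reads are present. For real input, save the
# output of `docker inspect $(docker ps -q)` and pass its text to audit().
SAMPLE_INSPECT = json.dumps([
    {"Name": "/app-a", "Config": {"Labels": {
        "whalewall.rules": "- mapped_ports:\n    external:\n      allow: true\n"}}},
    {"Name": "/app-b", "Config": {"Labels": {
        "whalewall.rules": "mapped_ports:\n  external:\n    allow: true\n"}}},
    {"Name": "/unlabelled", "Config": {"Labels": None}},
])


def top_level_kind(yaml_text):
    """Heuristic (not a YAML parser): kind of the first significant line."""
    for line in yaml_text.splitlines():
        s = line.strip()
        if not s or s.startswith("#") or s == "---":
            continue  # skip blanks, comments and the document marker
        if s == "-" or s.startswith(("- ", "[")):
            return "sequence"  # what the decoder reports as !!seq
        if s.startswith("{") or ":" in s:
            return "mapping"   # the shape of the configuration in the issue
        return "scalar"
    return "empty"


def audit(inspect_json):
    """Map container name -> top-level kind for every whalewall.rules label."""
    report = {}
    for container in json.loads(inspect_json):
        labels = (container.get("Config") or {}).get("Labels") or {}
        if "whalewall.rules" in labels:
            name = container.get("Name", "").lstrip("/")
            report[name] = top_level_kind(labels["whalewall.rules"])
    return report


def sequence_rules(inspect_json):
    """Containers whose label would decode as a sequence (the !!seq case)."""
    return sorted(n for n, k in audit(inspect_json).items() if k == "sequence")


if __name__ == "__main__":
    for name, kind in audit(SAMPLE_INSPECT).items():
        print(f"{name}: whalewall.rules top level is a {kind}")
```

A container that shows up in `sequence_rules` has a label whose stored text differs in shape from a mapping-style configuration, so the label as deployed is the thing to compare against the compose file.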