chaifeng / ufw-docker

To fix the Docker and UFW security flaw without disabling iptables
GNU General Public License v3.0

Have to recreate ufw rules after docker restart #110

Open ahushh opened 1 year ago

ahushh commented 1 year ago

Thank you for this tool! Very useful and easy to use, but there's one tiny problem. I have opened ports 80 and 443 for my container:

sudo ufw-docker allow backend_nginx_1 80
sudo ufw-docker allow backend_nginx_1 443

But after I restart the containers with docker-compose down && docker-compose up -d, the allowed ports seem not to be working until I run ufw-docker allow again. But I can't do this inside a GitHub Actions workflow because ufw requires root access. Is there a way to allow ports permanently? Or somehow automatize recreating ufw rules after containers restart? Why does this problem even happen? After all, I specify the container name, not the container ID, and the rules look the same after recreating.

Thank you for any assistance.

chaifeng commented 1 year ago

Because the container IP address may change after recreating the containers.

related to this issue #31
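
The answer above, as an added example that is not part of the original thread or of ufw-docker's own code: a rule is tied to the IP the container had when it was allowed, so after a recreate it can point at an address the container no longer holds. The sketch compares recorded rules with current container IPs and prints the `ufw-docker allow` commands that need re-running. Both input formats, the 172.18.0.x addresses and the `backend_api_1` container are constructed assumptions, not ufw or ufw-docker output.

```shell
#!/bin/sh
# Added example. The two input formats are constructed for illustration;
# they are NOT ufw or ufw-docker output.
#   allowed file: "<container> <ip-when-allowed> <port>"
#   current file: "<container> <current-ip>", which could be collected with
#     docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' NAME

# stale_allows ALLOWED_FILE CURRENT_FILE
# Prints "ufw-docker allow <container> <port>" for every recorded rule whose IP
# differs from the container's current IP. A container absent from CURRENT_FILE
# is reported on a "#" comment line instead of as a command.
stale_allows() {
    awk '
        FILENAME == ARGV[1] { cur[$1] = $2; next }   # first file: current IPs
        NF < 3 { next }                               # skip blank or short lines
        !($1 in cur) {
            printf "# %s not running, rule for %s port %s is orphaned\n", $1, $2, $3
            next
        }
        cur[$1] != $2 { printf "ufw-docker allow %s %s\n", $1, $3 }
    ' "$2" "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed state: nginx was allowed at .2, then recreated and got .4.
    # backend_api_1 is a hypothetical second container whose IP did not change.
    printf '%s\n' 'backend_nginx_1 172.18.0.2 80' \
                  'backend_nginx_1 172.18.0.2 443' \
                  'backend_api_1 172.18.0.3 8080' > "$dir/allowed"
    printf '%s\n' 'backend_nginx_1 172.18.0.4' \
                  'backend_api_1 172.18.0.3' > "$dir/current"
    stale_allows "$dir/allowed" "$dir/current"
    rm -rf "$dir"
}

demo
```

The function only prints the commands; running them still needs root, as the question notes.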