chaifeng / ufw-docker

To fix the Docker and UFW security flaw without disabling iptables
GNU General Public License v3.0

Stopped working recently? #120

Open toitzi opened 4 months ago

toitzi commented 4 months ago

Recently the script stopped working; I tried it with 3 different servers. Usually everything was blocked correctly, but now it does not seem to block anything anymore. I verified the ufw rules and I verified that the firewall configuration was there, still no success (Ubuntu). Did anything change in a recent Docker release? Is anybody else having that problem?

tebbbb commented 3 months ago

I also have a hard time getting it to work. It completely ignores my ufw allow rules and I have to manually enter stuff into the after.rules to get it working, or use a proxy.

mysteryx93 commented 3 months ago

I confirm that "ufw allow" rules are ignored.

justJackjon commented 3 months ago

Ah, thank goodness for this issue thread - I thought I was going bonkers 🙃!

Sadly I couldn't get it to work either 😞

Edit: Apologies, I should have been explicit - after following the instructions in the README, like the OP I found that containers were not blocked by default, which was the behaviour I was expecting. I made sure to verify, after running the ufw-docker utility script, that the rules were correctly added to /etc/ufw/after.rules.

s55ma commented 2 months ago

Can confirm: not working on Ubuntu 24.04 LTS.

byayex commented 1 month ago

It is still working for me.

What is the IP address you use to access it? Maybe you are using an IP address from the IPs declared in the after.rules:

•   192.168.0.0/16
•   10.0.0.0/8
•   172.16.0.0/12

If you access it with one of the internal Docker IPs (which can also be private network IPs), you are bypassing the firewall. If you try accessing it from another network/IP, it should still be blocked.

akselerando commented 1 month ago

I am also unable to get this to work. I've installed using the script, but connections are not blocked at all. Has anyone been able to find a fix for this, or know of an alternate solution?

Edit: I forgot to re-remove the trusted IP addresses from the config after re-installing. Works as intended now.
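The two comments above (byayex's explanation of the trusted private ranges in after.rules, and akselerando's fix of removing them) describe the same failure mode: a source inside 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16 hits a RETURN rule before the ufw user rules are ever consulted, so tests from such an address look like "nothing is blocked". The following is an added example, not code from ufw-docker or from anyone in this thread; it walks a small, constructed DOCKER-USER chain in iptables-save syntax (modelled only on the shape described here, not copied from the project's after.rules) and reports which rule a given client address would hit first, so you can tell a bypassed test from a genuinely broken setup.

```python
import ipaddress
import re

# Constructed sample chain (NOT the real ufw-docker rule set): three RETURN
# rules for the private ranges named in the thread, then a hand-off to the
# ufw user-forward chain for everyone else.
SAMPLE_DOCKER_USER_CHAIN = """\
-A DOCKER-USER -j RETURN -s 10.0.0.0/8
-A DOCKER-USER -j RETURN -s 172.16.0.0/12
-A DOCKER-USER -j RETURN -s 192.168.0.0/16
-A DOCKER-USER -j ufw-user-forward
"""

# Matches "-A DOCKER-USER -j <target>" with an optional "-s <cidr>" filter.
RULE_RE = re.compile(r"^-A DOCKER-USER -j (?P<target>\S+)(?:\s+-s\s+(?P<src>\S+))?\s*$")


def parse_docker_user_chain(text):
    """Return [(target, source_network_or_None), ...] in chain order."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            src = ipaddress.ip_network(m["src"], strict=False) if m["src"] else None
            rules.append((m["target"], src))
    return rules


def first_match(rules, source_ip):
    """First-match walk of the chain: a rule with no -s matches every source.
    Jump-and-continue semantics of non-terminating targets are not modelled;
    we only care which rule a source reaches first."""
    ip = ipaddress.ip_address(source_ip)
    for target, src in rules:
        if src is None or ip in src:
            return target, src
    return "POLICY", None  # chain exhausted; the chain policy applies


def explain_access(source_ip, chain_text=SAMPLE_DOCKER_USER_CHAIN):
    """Say whether a client at source_ip ever reaches the ufw user rules."""
    target, src = first_match(parse_docker_user_chain(chain_text), source_ip)
    if target == "RETURN" and src is not None:
        return (f"{source_ip} is inside trusted range {src}: RETURN is hit before "
                f"the ufw rules, so 'ufw deny' cannot block it (test from elsewhere)")
    if target == "ufw-user-forward":
        return f"{source_ip} is not in a trusted range: ufw allow/deny rules apply"
    return f"{source_ip}: first rule hit jumps to {target}"


if __name__ == "__main__":
    for client in ("192.168.1.10", "172.31.0.5", "203.0.113.7"):
        print(explain_access(client))
```

To check a live host, feed the output of `iptables-save -t filter | grep '^-A DOCKER-USER'` into `explain_access` instead of the constructed sample.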

c80609a commented 1 month ago

Block all outgoing connections from inside a docker container except https using firewalld. https://gist.github.com/deploy595/205ea7985fbf41fe66ab9a082021ed6a