chaifeng / ufw-docker

To fix the Docker and UFW security flaw without disabling iptables
GNU General Public License v3.0

Incoming connections aren't blocked #72

Open ClementNerma opened 2 years ago

ClementNerma commented 2 years ago

Hi there!

I just followed the provided instructions (modify /etc/ufw/after.rules and reload the service) and it doesn't work.

I'm still able to access containers from the outside through <server IP>:<port>.

Here are my container port bindings: 0.0.0.0:1234->4533/tcp, :::1234->4533/tcp.

If I change a random character in the after.rules file to create a syntax error, it indeed shows an error when restarting the service. Otherwise it runs fine.

I don't really know if there is any log/config file I should include in this issue, so please tell me if you need something else to check what's happening here.

EDIT: By default my UFW config file contains the following (default content):

#
# rules.input-after
#
# Rules that should be run after the ufw command line added rules. Custom
# rules should be added to one of these chains:
#   ufw-after-input
#   ufw-after-output
#   ufw-after-forward
#

# Don't delete these required lines, otherwise there will be errors
*filter
:ufw-after-input - [0:0]
:ufw-after-output - [0:0]
:ufw-after-forward - [0:0]
# End required lines

# don't log noisy services by default
-A ufw-after-input -p udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp --dport 68 -j ufw-skip-to-policy-input

# don't log noisy broadcast
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input

# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
archont00 commented 2 years ago

What is your "outside" IP address? Some host on your LAN?

By default, the ufw-docker modification to after.rules allows access from any private network to containers:

-A DOCKER-USER -j RETURN -s 10.0.0.0/8
-A DOCKER-USER -j RETURN -s 172.16.0.0/12
-A DOCKER-USER -j RETURN -s 192.168.0.0/16

You may want to modify the ranges to suit your needs.
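Two checks that follow from the exchange above, as an added example (this is not ufw-docker's code and not posted by either commenter): first, whether a given source address falls inside one of the three RETURN ranges quoted above and therefore reaches published container ports without passing through ufw's filtering; second, whether those RETURN rules are actually present in the kernel's DOCKER-USER chain rather than only written into /etc/ufw/after.rules. The iptables-save excerpts in the script are constructed for the example; on a real host the input would be `sudo iptables-save -t filter | grep '^-A DOCKER-USER'`. The only ranges assumed are the three quoted in the comment.

```shell
#!/usr/bin/env bash
# Added example, not part of ufw-docker or of this issue thread.
# 1. docker_user_verdict: does a source address match one of the private-range
#    RETURN rules in DOCKER-USER (bypassing ufw filtering)?
# 2. has_private_returns: does an iptables-save dump actually contain those
#    rules in the kernel's DOCKER-USER chain?
# The iptables-save excerpts below are constructed for this example.

# The three source ranges the quoted after.rules snippet RETURNs from DOCKER-USER.
PRIVATE_RANGES="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# ip4_to_int A.B.C.D -> the address as a 32-bit integer
ip4_to_int() {
  local IFS=.
  # shellcheck disable=SC2086
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR NET/BITS -> succeeds if ADDR lies inside NET/BITS
in_cidr() {
  local addr net bits mask
  addr=$(ip4_to_int "$1")
  net=$(ip4_to_int "${2%/*}")
  bits=${2#*/}
  mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# docker_user_verdict SRC -> "allowed-private" if SRC matches one of the three
# RETURN rules (it reaches published ports without ufw's user rules applying),
# otherwise "filtered" (the remainder of DOCKER-USER decides).
docker_user_verdict() {
  local cidr
  for cidr in $PRIVATE_RANGES; do
    if in_cidr "$1" "$cidr"; then
      echo allowed-private
      return 0
    fi
  done
  echo filtered
}

# has_private_returns DUMP -> succeeds only if DUMP (iptables-save text) has a
# "-A DOCKER-USER ... -s RANGE ... -j RETURN" rule for all three ranges.
# iptables-save prints matches before the target, so matching is token-based
# rather than tied to the "-j RETURN -s RANGE" order used in after.rules.
has_private_returns() {
  local cidr line found
  for cidr in $PRIVATE_RANGES; do
    found=0
    while IFS= read -r line; do
      case "$line" in
        "-A DOCKER-USER "*) ;;
        *) continue ;;
      esac
      case " $line " in
        *" -s $cidr "*) ;;
        *) continue ;;
      esac
      case " $line " in
        *" -j RETURN "*) found=1; break ;;
      esac
    done <<EOF
$1
EOF
    [ "$found" -eq 1 ] || return 1
  done
  return 0
}

# Constructed: DOCKER-USER once the three RETURN rules are loaded.
DUMP_UFW_DOCKER='*filter
:DOCKER-USER - [0:0]
-A DOCKER-USER -s 10.0.0.0/8 -j RETURN
-A DOCKER-USER -s 172.16.0.0/12 -j RETURN
-A DOCKER-USER -s 192.168.0.0/16 -j RETURN
-A DOCKER-USER -j RETURN
COMMIT'

# Constructed: Docker's untouched default chain, i.e. after.rules was edited
# but nothing from it reached the kernel.
DUMP_DEFAULT_DOCKER='*filter
:DOCKER-USER - [0:0]
-A DOCKER-USER -j RETURN
COMMIT'

# Demo when run directly: LAN-style sources versus a public (TEST-NET-3) source.
for src in 192.168.1.50 172.31.255.255 172.32.0.1 203.0.113.7; do
  printf '%-16s %s\n' "$src" "$(docker_user_verdict "$src")"
done
has_private_returns "$DUMP_UFW_DOCKER" && echo "ufw-docker dump: private RETURN rules present"
has_private_returns "$DUMP_DEFAULT_DOCKER" || echo "default dump: private RETURN rules missing"
```

Read together with the question above: if the client used for the test sits in one of the three ranges, `docker_user_verdict` reports `allowed-private` and the open port is the configured behaviour, not a failed rule load. If the client is outside those ranges and the port is still reachable, run the `iptables-save` command from the lead-in through `has_private_returns`; a chain that contains only Docker's default `-A DOCKER-USER -j RETURN` means the edited after.rules never took effect in the kernel. The check looks only for the three quoted rules and says nothing about any other rules the chain may carry.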