chaifeng / ufw-docker

To fix the Docker and UFW security flaw without disabling iptables
GNU General Public License v3.0

Base ufw whitelist is not respected. #93

Open matlinski opened 1 year ago

matlinski commented 1 year ago

I was able to successfully use your binary. When I added:

ufw-docker install

and rebooted the system, all of the containers stopped being exposed, but then I added:

ufw-docker allow container1 80
ufw-docker allow container1 443
ufw-docker allow container2 3306

They are no longer blocked, which is great, but the whitelist from base ufw is not respected.

ufw allow from 18.8.132.78 to any
ufw allow from 88.80.218.248 to any
ufw allow from 99.46.245.249 to any port 3306

This is the whitelist ^ (IPs not actually real).

I need it to be respected. How do I do that?

iwangxiaodong commented 1 year ago

Show container_ip:

docker exec ss-rust cat /etc/hosts

Format (to port):

ufw route allow from 1.2.3.4 to 172.17.0.3 port 3306 proto tcp

@matlinski
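A small helper, added here as an example and not part of the ufw-docker project, that builds the per-source `ufw route allow` rules from the reply above so that only allow-listed addresses can reach a container port (forwarded Docker traffic is matched by `ufw route` rules, not by the host-level `ufw allow from ...` rules). The container name, port and addresses are placeholders, and `docker inspect` is assumed to be available on the host.

```shell
#!/bin/sh
# Added example (not ufw-docker code): restrict a published container port to
# an explicit list of source addresses using `ufw route allow` rules.
set -eu

# Resolve a running container's bridge IP (assumes `docker inspect` on the host).
container_ip() {
  docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$1"
}

# Print one `ufw route allow` rule per allowed source address.
# Usage: route_allow_rules <container_ip> <port> <proto> <src_ip>...
route_allow_rules() {
  cip=$1; port=$2; proto=$3; shift 3
  for src in "$@"; do
    printf 'ufw route allow from %s to %s port %s proto %s\n' \
      "$src" "$cip" "$port" "$proto"
  done
}

# Apply the allow rules, then deny the same port for every other source.
# The deny must come after the allows because ufw evaluates rules in order.
apply_whitelist() {
  cip=$1; port=$2; proto=$3; shift 3
  route_allow_rules "$cip" "$port" "$proto" "$@" | while read -r rule; do
    eval "$rule"
  done
  ufw route deny to "$cip" port "$port" proto "$proto"
}

# Example invocation with placeholder values; only runs when passed --apply.
if [ "${1:-}" = "--apply" ]; then
  ip=$(container_ip container2)
  apply_whitelist "$ip" 3306 tcp 18.8.132.78 88.80.218.248 99.46.245.249
fi
```

Any earlier broad rule created with `ufw-docker allow container2 3306` matches any source and sits before these rules, so remove it first (`ufw-docker delete allow container2 3306`) or the allow-list has no effect.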