Open red-gecko27 opened 5 months ago
hey @red-gecko27 !
Thank you for the detailed report. I've reproduced the problem and there're 2 workarounds:
Double click on the fw rule -> change "Match conntrack state(s)" to "Source IP" and enter the network, then add a new condition by clicking on the [+] button and add "Match conntrack state(s)" -> new (like in the following image).
[x] Debug invalid connections under Preferences -> Nodes -> General
You can create a rule then to allow connections to the container IP + port. In this scenario, as it's an inbound connection, it doesn't belong to any app yet, thus the connection is discarded by default.
Describe the bug
When I enable the system rule "Intercept forwarded connections (docker, etc)" I can no longer access my Docker containers on the local network even when it is in the "disabled" status on the graphical interface.
Include the following information:
1.6.4
Archlinux
6.6.9
Kde
Linux Desktop27 6.6.9-arch1-1
Docker version 24.0.7, build afdd53b4e3
To Reproduce
Run docker container like:
docker run --rm -it -p 80:80 strm/helloworld-http
From the OpenSnitch GUI, switch the status from "Running" to "Disabled" to ensure that the issue is not related to rules.
Attempt to access your container from an external device on the same local network, for example, using http://192.168.1.18.
Enable the system rule "Intercept forwarded connections (docker, etc)."
Try to connect again using http://192.168.1.18, and it's impossible to access the container.
I am using eBPF, and there are no errors in /var/log/opensnitchd.log.
My iptables: