Docker Firewall configuration

[alphonse92]

Hi, i have some issues about the vpl configuration file

Environment

Ubuntu

FROM ubuntu:16.04

Docker

VPL

vpl version 2.2.2

Description

In /etc/vpl/vpl-jail-system.conf in firewall section and the commented lines says:

FIREWALL=0|1|2|3|4

0: No firewall

1: VPL service+DNS+internet access

2: VPL service+DNS+Limit internet to port 80 (super user unlimited)

3: VPL service+No external access (super user unlimited)

4: VPL service+No external access

Note: In level 4 stop vpl-jail-system service to update/upgrade the system

default level 0

by default, the configuration is:

JAILPATH=/jail MIN_PRISONER_UGID=10000 MAX_PRISONER_UGID=20000 MAXTIME=600 URLPATH=/ FIREWALL=2 LOGLEVEL=0

However, using this configuration i cant get external response, for example: curl -I http://www.google.com, and if i tries execute curl -I http://172.17.0.2/OK where 172.17.0.2 is my container ip i cant get response from service.

Then, i change the firewall to 0 level instead of, i restarted the service and i can get response from service.

Have you any idea about this behavior ? I think itsnt normal. I verify the follow repos:

https://github.com/hthuwal/vpl_docker and https://gitlab.com/ifrscanoas/vpl-jail-docker, i ran that images, i tested the endpoints (it works) , verify the configuration file in each images, and i verify the firewall level is 2.

What could be my problem?

My docker file is:

FROM ubuntu:16.04 WORKDIR /home/app/ COPY ./app ./ RUN apt-get update && apt-get -y install sudo apt-utils CMD ["tail","-f","/dev/null"]

[jcrodriguez-dis]

Hello Alejandro, this is a bug that need to be resolved.

[jeroenhabets]

Since Feb 2023 there is a PR for Docker support: https://github.com/jcrodriguez-dis/vpl-xmlrpc-jail/pull/64 (with a typo in its title)