Difference between revisions of "Configure UFW to manage Docker related connections"
Revision as of 13:40, 15 July 2021
Prologue
This guide applies to Ubuntu 20.04. After you have installed Docker and set up UFW to block all connections by default, Docker will bypass the firewall entirely: the Docker daemon inserts its own iptables rules for published ports ahead of UFW's chains, so a port published with -p is reachable from outside even though UFW shows it as denied.
/etc/docker/daemon.json
Start by creating or editing the following file, which stops Docker from managing iptables rules itself: /etc/docker/daemon.json
{
"iptables": false
}
/etc/ufw/after.rules
Then you need to edit the following file as well: /etc/ufw/after.rules
Make sure to paste the following lines before the last line in the file, which is COMMIT. ens3 is the name of the host's external network interface; if yours differs (check with ip link), replace it in both -i rules.
# Put Docker behind UFW
*filter
:DOCKER-USER - [0:0]
:ufw-user-input - [0:0]
-A DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-USER -m conntrack --ctstate INVALID -j DROP
-A DOCKER-USER -i ens3 -j ufw-user-input
-A DOCKER-USER -i ens3 -j DROP
# End Docker UFW rules
Once you've done this, execute the following commands to apply your changes. Note that restarting Docker will also restart all your Docker containers.
sudo systemctl restart ufw
sudo systemctl restart docker
Test your configuration to make sure the changes are working; for example, a published container port should now be unreachable from another host until you explicitly allow it with ufw.
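As an added check (not part of the wiki page), the following hypothetical POSIX shell script verifies both edits on a host: that daemon.json disables Docker's iptables management, and that the DOCKER-USER rules in after.rules are present, in the right order, and before the final COMMIT. The script name, file paths passed as arguments and the ip link lookup are assumptions.

```shell
#!/bin/sh
# Hypothetical checker for the two edits above (added example, not from the wiki page).
# Usage: sh check-docker-ufw.sh /etc/docker/daemon.json /etc/ufw/after.rules
# Returns 0 when both files look right, 1 otherwise.

# 0 if daemon.json turns off Docker's own iptables management ("iptables": false).
docker_iptables_disabled() {
    grep -Eq '"iptables"[[:space:]]*:[[:space:]]*false' "$1"
}

# Prints the interface name used in the DOCKER-USER -> ufw-user-input jump.
docker_user_iface() {
    sed -n 's/^-A DOCKER-USER -i \([^ ]*\) -j ufw-user-input$/\1/p' "$1" | head -n 1
}

# 0 if after.rules has the DOCKER-USER jump and DROP rules, in that order,
# and both sit before the file's last COMMIT line (rules after COMMIT are never loaded).
after_rules_ok() {
    awk '
        /^-A DOCKER-USER -i [^ ]+ -j ufw-user-input$/ { jump = NR }
        /^-A DOCKER-USER -i [^ ]+ -j DROP$/           { drop = NR }
        /^COMMIT$/                                      { commit = NR }
        END { exit !(jump && drop && jump < drop && drop < commit) }
    ' "$1"
}

# Runs both checks, prints one line per finding, returns 0 only if everything passes.
check_config() {
    daemon=$1; rules=$2; status=0
    if docker_iptables_disabled "$daemon"; then
        echo "ok:   $daemon sets \"iptables\": false"
    else
        echo "FAIL: $daemon does not set \"iptables\": false; Docker still bypasses UFW"
        status=1
    fi
    if after_rules_ok "$rules"; then
        iface=$(docker_user_iface "$rules")
        echo "ok:   $rules has the DOCKER-USER block before COMMIT, filtering on $iface"
        # The interface must be the host's real external one, else nothing is filtered.
        if command -v ip >/dev/null 2>&1 && ! ip link show "$iface" >/dev/null 2>&1; then
            echo "WARN: interface $iface does not exist on this host; adjust the -i rules"
        fi
    else
        echo "FAIL: $rules is missing the DOCKER-USER block, or it is after COMMIT or misordered"
        status=1
    fi
    return $status
}
if [ $# -eq 2 ]; then check_config "$1" "$2"; fi
```

Run it as root against the two real files; a WARN about the interface means the DOCKER-USER rules match no traffic and containers are still exposed.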