Configure UFW to manage Docker related connections

From DiscordDigital Wiki
Revision as of 13:39, 15 July 2021 by Discorddigital (talk | contribs) (Created page with "==Prologue== This guide applies to Ubuntu 20.04. After you installed docker and setup UFW to block all connections by default, docker will bypass the firewall entirely. You c...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Prologue

This guide applies to Ubuntu 20.04. After you installed docker and setup UFW to block all connections by default, docker will bypass the firewall entirely.

You can fix this by creating/editing following file: /etc/docker/daemon.json

{
"iptables": false
}

Once done, you need to edit following file as well: /etc/ufw/after.rules Make sure to paste following lines before the last line in the file which is COMMIT

# Put Docker behind UFW
*filter
:DOCKER-USER - [0:0]
:ufw-user-input - [0:0]

-A DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-USER -m conntrack --ctstate INVALID -j DROP
-A DOCKER-USER -i ens3 -j ufw-user-input
-A DOCKER-USER -i ens3 -j DROP
# End Docker UFW rules

Once you've done this, execute following commands to apply your changes:

Small Warning.png This will restart all your docker containers.

sudo systemctl restart ufw

sudo systemctl restart docker

Test your configuration to make sure the changes are working.