Configure UFW to manage Docker related connections
Revision as of 13:39, 15 July 2021 by Discorddigital
Prologue
This guide applies to Ubuntu 20.04. Once you have installed Docker and set up UFW to deny all incoming connections by default, Docker still bypasses the firewall entirely: it writes its own iptables rules for published container ports, and those take effect ahead of the rules UFW manages.
You can fix this by creating or editing the following file, /etc/docker/daemon.json, with this content:
{
"iptables": false
}
Once that is done, you also need to edit /etc/ufw/after.rules.
Paste the following lines just before the last line of the file, which is COMMIT (anything placed after COMMIT is never loaded):
# Put Docker behind UFW
*filter
:DOCKER-USER - [0:0]
:ufw-user-input - [0:0]
# Allow replies to connections the host or its containers already opened
-A DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Drop packets that belong to no known connection
-A DOCKER-USER -m conntrack --ctstate INVALID -j DROP
# Traffic arriving on the external interface (ens3 here; use the name your
# host shows in `ip link`) is judged by the rules you added with `ufw allow`
-A DOCKER-USER -i ens3 -j ufw-user-input
# Anything those rules did not accept is dropped
-A DOCKER-USER -i ens3 -j DROP
# End Docker UFW rules
Once you've done this, run the following commands to apply your changes.
Note that restarting Docker restarts all your containers.
sudo systemctl restart ufw
sudo systemctl restart docker
Finally, test the configuration from another machine: a published container port you have not allowed with `ufw allow` should now be unreachable, and one you have allowed should still respond.
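As an added check that is not part of the original guide, the following POSIX shell script audits the two files edited above: it confirms that daemon.json disables Docker's iptables management, that the DOCKER-USER block in after.rules declares the chain and sits before the final COMMIT, and lists which interface names the block binds to so you can compare them with your host's real external interface. The function names, the `report` wrapper and the sample file contents are assumptions; the samples are constructed copies written to a temporary directory, so the script runs offline and never touches the live system. It checks file contents only; whether traffic actually takes the intended path is confirmed on the host with `sudo iptables -S DOCKER-USER`.

```shell
#!/bin/sh
# Added audit helper (not from the original guide). It checks the content of
# the two files the guide edits and never modifies the live system.

# Succeeds when the daemon.json at $1 contains "iptables": false.
daemon_json_disables_iptables() {
    grep -Eq '"iptables"[[:space:]]*:[[:space:]]*false' "$1"
}

# Succeeds when the after.rules at $1 declares the DOCKER-USER chain and its
# last "-A DOCKER-USER" rule sits before the final COMMIT line; iptables-restore
# ignores everything after COMMIT, so a block pasted there does nothing.
after_rules_has_docker_block() {
    rules="$1"
    last_commit=$(grep -n '^COMMIT' "$rules" | tail -n 1 | cut -d: -f1)
    last_rule=$(grep -n '^-A DOCKER-USER ' "$rules" | tail -n 1 | cut -d: -f1)
    [ -n "$last_commit" ] && [ -n "$last_rule" ] || return 1
    grep -q '^:DOCKER-USER - \[0:0\]' "$rules" || return 1
    [ "$last_rule" -lt "$last_commit" ]
}

# Prints the interface names the DOCKER-USER rules bind to, one per line, so
# they can be compared with the host's real external interface (`ip link`).
after_rules_ifaces() {
    grep '^-A DOCKER-USER ' "$1" | sed -n 's/.* -i \([^ ]*\) .*/\1/p' | sort -u
}

# Constructed sample files (not taken from any real host) for the demo below.
SAMPLES=$(mktemp -d)
printf '{\n  "iptables": false\n}\n' > "$SAMPLES/daemon.json"
printf '{\n  "iptables": true\n}\n'  > "$SAMPLES/daemon.bad.json"

# Block pasted before the final COMMIT, as the guide instructs.
cat > "$SAMPLES/after.rules" <<'EOF'
*filter
:ufw-after-input - [0:0]
# Put Docker behind UFW
:DOCKER-USER - [0:0]
:ufw-user-input - [0:0]
-A DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-USER -m conntrack --ctstate INVALID -j DROP
-A DOCKER-USER -i ens3 -j ufw-user-input
-A DOCKER-USER -i ens3 -j DROP
# End Docker UFW rules
COMMIT
EOF

# Common mistake: block pasted after COMMIT, where it is never loaded.
cat > "$SAMPLES/after.bad.rules" <<'EOF'
*filter
:ufw-after-input - [0:0]
COMMIT
:DOCKER-USER - [0:0]
-A DOCKER-USER -i ens3 -j DROP
EOF

# Prints one line per check. Usage: report LABEL FUNCTION FILE
report() {
    if "$2" "$3"; then echo "ok   $1"; else echo "FAIL $1"; fi
}

report "daemon.json disables iptables"            daemon_json_disables_iptables "$SAMPLES/daemon.json"
report "daemon.bad.json disables iptables"        daemon_json_disables_iptables "$SAMPLES/daemon.bad.json"
report "after.rules: block before COMMIT"         after_rules_has_docker_block  "$SAMPLES/after.rules"
report "after.bad.rules: block before COMMIT"     after_rules_has_docker_block  "$SAMPLES/after.bad.rules"
echo "interfaces referenced: $(after_rules_ifaces "$SAMPLES/after.rules")"
# On a real host, point the same functions at /etc/docker/daemon.json and /etc/ufw/after.rules.
```

Run it as-is to see the two sample layouts judged; on the host, call the three functions against the real paths instead. The interface list is the part worth reading most carefully: the guide's rules name ens3, and a block that binds to an interface your host does not have will silently filter nothing.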