I have a Debian 9 server running UFW, and I'd like to block all incoming requests except on port 2122 (SSH), and 80/443 (for HTTP(S)).
I ran the following commands:
```
ufw reset
ufw default deny incoming
ufw default allow outgoing
ufw allow incoming 2122/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw enable
```
Which compiles to:
```
ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
2122/tcp                   ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
2122/tcp (v6)              ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)
443/tcp (v6)               ALLOW IN    Anywhere (v6)
```
Seems like everything is fine, at least to me. But when I run a Docker container on port 2424 (or, really, any other port), I can still access http://domain.tld:2424, despite the firewall.
I tried rebooting, restarting iptables, … No dice.
Any suggestion? Thanks a lot!
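The gap described in this question can be checked mechanically: Docker publishes container ports through its own iptables rules, so they never appear in `ufw status`. The script below is an added example, not part of the original post; it runs on constructed samples of `ufw status verbose` and `docker ps --format '{{.Ports}}'` output, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: report host ports Docker publishes that ufw does not allow.
# On a live host, feed the functions from `ufw status verbose` and
# `docker ps --format '{{.Ports}}'` instead of the constructed samples below.

# Constructed sample: rule lines of `ufw status verbose`, as in the question.
UFW_SAMPLE='2122/tcp                   ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
2122/tcp (v6)              ALLOW IN    Anywhere (v6)'

# Constructed sample: one line per container from the docker ps Ports column.
DOCKER_SAMPLE='0.0.0.0:2424->80/tcp, :::2424->80/tcp
127.0.0.1:5432->5432/tcp
0.0.0.0:443->8443/tcp
6379/tcp'

# Print port/proto for every ufw rule that allows inbound traffic from anywhere.
ufw_allowed() {
  awk '{ gsub(/ \(v6\)/, "") }
       $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "ALLOW" && $3 == "IN" &&
       $4 == "Anywhere" { print $1 }' | sort -u
}

# Print host-port/proto for every mapping reachable from outside the host.
docker_published() {
  awk '{
    n = split($0, maps, /, */)
    for (i = 1; i <= n; i++) {
      if (maps[i] !~ /->/) continue            # exposed only, not published
      split(maps[i], side, "->")
      proto = side[2]; sub(/^.*\//, "", proto) # "80/tcp" -> "tcp"
      port = side[1];  sub(/^.*:/, "", port)   # text after the last colon
      addr = side[1];  sub(/:[0-9]+$/, "", addr)
      if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") continue
      print port "/" proto
    }
  }'
}

# $1 = ufw status text, $2 = docker ports text; print ports outside the ufw policy.
bypassing_ufw() {
  allowed=$(printf '%s\n' "$1" | ufw_allowed)
  printf '%s\n' "$2" | docker_published | sort -u | while read -r p; do
    printf '%s\n' "$allowed" | grep -qxF "$p" || echo "$p"
  done
}

bypassing_ufw "$UFW_SAMPLE" "$DOCKER_SAMPLE"   # prints: 2424/tcp
```

Mappings bound to loopback and ports that are exposed but not published are skipped, since neither is reachable from outside the host.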
Best Answer
Docker opens ports in the firewall itself, for any ports that are EXPOSEd by the running containers. These do not show up in `ufw` output, but can be viewed in `iptables`.

You should: