Comments (1)
Issue was down to incorrect subnets being used when editing /etc/ufw/after.rules
The auto installer makes assumptions to the subnets being used.
Please could this be added to the main Read Me to prevent others from falling for the same trap.
Using the following command to show all subnets in CIDR
ip -o -4 route show | awk '{print $1}' | grep -oP '\b\d+\.\d+\.\d+\.\d+\/\d+\b'
then updating the /etc/ufw/after.rules with the returning subnets, NOT the default ones shown in the example.
Example of what to add to after.rules using the above subnets as examples;
# BEGIN UFW AND DOCKER
*filter
:ufw-user-forward - [0:0]
:ufw-docker-logging-deny - [0:0]
:DOCKER-USER - [0:0]
-A DOCKER-USER -j ufw-user-forward
-A DOCKER-USER -j RETURN -s 10.0.0.0/24
-A DOCKER-USER -j RETURN -s 172.17.0.0/16
-A DOCKER-USER -p udp -m udp --sport 53 --dport 1024:65535 -j RETURN
-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 10.0.0.0/24
-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 172.17.0.0/16
-A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 10.0.0.0/24
-A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 172.17.0.0/16
-A DOCKER-USER -j RETURN
-A ufw-docker-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW DOCKER BLOCK] "
-A ufw-docker-logging-deny -j DROP
COMMIT
# END UFW AND DOCKER
from ufw-docker.
Related Issues (20)
- What do I need to do to expose the container to only one IP, please? Thanks. HOT 2
- Access own host HOT 7
- after6.rules? and How to allow 80/tcp from any CN-CIDR ?
- 容器解析域名失败
- no communication between docker containers HOT 8
- Add ufw limit
- 不能手动添加ip地址 HOT 6
- Allow Host exposed Ports not container ports HOT 1
- Blocked IP addresses still can access docker container (fail2ban) HOT 3
- Have to recreate ufw rules after docker restart HOT 1
- 172.16.0.0/12 - Should this be /16? HOT 3
- table `nat' is incompatible, use 'nft' tool HOT 1
- Use conntrack to allow incoming responses for outbound connections HOT 3
- Does docker affect UFW if the services are running on loopback address?
- ufw to iptables wont block docker container access
- Can not access External IPs
- why不能在before中控制 HOT 1
- How to uninstall easily? HOT 3
- 172.17.0.0/16 as a ip space in which containers are created. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ufw-docker.