
Comments (3)

amazing4u commented on May 28, 2024 1

@shoodidagen You posted you changed 10.10.10.0/8 to 10.10.10.0/24 but in your code you are using 10.0.0.0/24. Can you please check which one is the right one? :)

from ufw-docker.

shoodidagen commented on May 28, 2024 1

> @shoodidagen You posted you changed 10.10.10.0/8 to 10.10.10.0/24 but in your code you are using 10.0.0.0/24. Can you please check which one is the right one? :)

10.10.10.0/24 is the correct one for my network :) The defaults in the ufw-docker documentation at the time used /8, which wasn't right for me. I'll update my post now to correct it (too many 1's and 0's at the time of posting led to confusion haha). I expected the automated script to check my subnets and amend, but it didn't do that.
Thank you


shoodidagen commented on May 28, 2024

Confirmed - and I think this will help other users out.

I'm kicking myself at how I could be so blind here, but I shouldn't have relied on documentation examples.

Running the following command will list, in CIDR notation, all subnets being used:

```
ip -o -4 route show | awk '{print $1}' | grep -oP '\b\d+\.\d+\.\d+\.\d+/\d+\b'
```

In my case this was:

image

I ditched the 3 lines with 192.168.0.0/16 altogether,
changed the 10.10.10.0/8 to 10.10.10.0/24,
and changed 172.16.0.0/12 to 172.17.0.0/16.

Once I had rebooted the host, IT WORKS

I cannot believe how long it's taken me to work this one out. I'm about 2 months into learning about Docker, but I've no excuse for missing the subnets! I assumed that those listed were particular to the inner workings of Docker.
I hope this can help others out and maybe could be added to the main readme.

```
# BEGIN UFW AND DOCKER

*filter
:ufw-user-forward - [0:0]
:ufw-docker-logging-deny - [0:0]
:DOCKER-USER - [0:0]
-A DOCKER-USER -j ufw-user-forward

-A DOCKER-USER -j RETURN -s 10.10.10.0/24
-A DOCKER-USER -j RETURN -s 172.17.0.0/16

-A DOCKER-USER -p udp -m udp --sport 53 --dport 1024:65535 -j RETURN

-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 10.10.10.0/24
-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 172.17.0.0/16

-A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 10.10.10.0/24
-A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 172.17.0.0/16

-A DOCKER-USER -j RETURN
-A ufw-docker-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW DOCKER BLOCK] "
-A ufw-docker-logging-deny -j DROP

COMMIT
# END UFW AND DOCKER
```
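
The comparison done by hand in the comment above (CIDRs in the DOCKER-USER rules against the subnets the host actually routes) can be scripted. This is an added example, not code from the thread or from ufw-docker; the sample route output and "before" rules are constructed from the CIDRs mentioned in the comment, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ip -o -4 route show` output (not the thread's screenshot).
SAMPLE_ROUTES = """\
default via 10.10.10.1 dev eth0 proto dhcp src 10.10.10.20
10.10.10.0/24 dev eth0 proto kernel scope link src 10.10.10.20
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
"""

# Constructed "before" rules using the CIDRs the comment says it started from.
SAMPLE_RULES = """\
-A DOCKER-USER -j RETURN -s 10.10.10.0/8
-A DOCKER-USER -j RETURN -s 172.16.0.0/12
-A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 192.168.0.0/16
"""

CIDR = r"\d+\.\d+\.\d+\.\d+/\d+"

def host_subnets(route_output):
    """Networks named in the first field of each route line; 'default' is skipped."""
    nets = set()
    for line in route_output.splitlines():
        fields = line.split()
        if fields and re.fullmatch(CIDR, fields[0]):
            nets.add(ipaddress.ip_network(fields[0], strict=False))
    return nets

def audit_rules(rules_text, route_output):
    """Return {cidr: verdict} for every -s/-d CIDR found in the rules."""
    local = host_subnets(route_output)
    verdicts = {}
    for cidr in re.findall(r"(?<!\S)-[sd] (" + CIDR + ")", rules_text):
        try:
            net = ipaddress.ip_network(cidr)  # strict: host bits must be zero
        except ValueError:
            verdicts[cidr] = "malformed: host bits set"
            continue
        if net in local:
            verdicts[cidr] = "ok: matches a host route"
        elif any(route.subnet_of(net) for route in local):
            verdicts[cidr] = "broader than the host's routes"
        else:
            verdicts[cidr] = "no matching host route"
    return verdicts

if __name__ == "__main__":
    for cidr, verdict in audit_rules(SAMPLE_RULES, SAMPLE_ROUTES).items():
        print(f"{cidr:18} {verdict}")
```

On a real host, pass the output of the `ip -o -4 route show` command and the contents of the `# BEGIN UFW AND DOCKER` block instead of the samples.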
