Download
UFW is a popular iptables front end on Ubuntu that makes it easy to manage firewall rules. But when Docker is installed, Docker bypasses the UFW rules and the published ports can be accessed from outside. Almost all of these solutions are similar. It requires disabling docker's iptables function first, but this also means that we give up docker's network management function. This causes containers will not be able to access the external network. It is also mentioned in some articles that you can manually add some rules in the UFW configuration file, such as -A POSTROUTING! -o docker0 -s 172.17.0.0/16 -j MASQUERADE. But this only allows containers that belong to network 172.17.0.0/16 can access outside. If we create a new docker network, we must manually add similar iptables rules for the new network.
Features
- Solve UFW and Docker issues
- Manage whether the public networks are allowed to visit the services provided by the Docker container
- Update UFW configurations, add the necessary firewall rules
- Documentation available
- Examples available
- We use Vagrant to set up a local testing environment
Project Samples
