I’ve recently learned that UFW firewall rules do not affect Docker containers. I am looking into learning firewall rules in depth but in the meantime I want make sure I don’t fuck something up, so here are a few questions:

1- On a host that drops all incoming connections (configured through UFW), if I have a container with only a single port mapping 127.0.0.1:8080:80 is there any way to access this container through the public internet, what about 8080:80 or no port mapping at all?

2- How do I drop all incoming connections to all Docker containers and do I need to do that? Similar to ufw default deny incoming?

3- Is there a way to see all incoming/outgoing connections of all containers?

Thanks in advance and any resource advice for securing docker for dummies is appreciated.

  • BK85@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    3
    ·
    12 days ago

    Try tailscale for remote acess run it as a docker container. I csnt help you with the other questions.