```
# Solves the problem with open ports with docker and ufw
# As Docker uses the nat table, the filter table FORWARD chain is used and does not touch ufw-input chains as expected.
# Even for ufw-forward chains it would not work, as DOCKER chains are inserted in front.
# This is a simple fix that worked for me.
# iptables-restore --noflush iptables-docker-ufw.save
# Add the following lines to /etc/ufw/after.rules
*filter
:DOCKER-USER - [0:0]
:ufw-user-input - [0:0]
-A DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-USER -m conntrack --ctstate INVALID -j DROP
-A DOCKER-USER -i eth0 -j ufw-user-input
-A DOCKER-USER -i eth0 -j DROP
COMMIT
```
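An added example, not part of the original paste: a shell check that reads `iptables -S DOCKER-USER` output and confirms the rule ordering the paste depends on (jump to ufw-user-input, then DROP, with nothing unconditional in front). The function name and both sample listings are constructed for illustration; eth0 is the interface name the paste assumes.

```shell
#!/bin/sh
# audit_docker_user IFACE: reads `iptables -S DOCKER-USER` text on stdin.
# Exit 0 only if IFACE traffic is sent to ufw-user-input and then dropped,
# with no earlier unconditional ACCEPT/RETURN that would skip those rules.
audit_docker_user() {
    awk -v ifc="$1" '
        $1 == "-A" && $2 == "DOCKER-USER" {
            n++
            rule = $0
            sub(/^[ \t]*-A DOCKER-USER +/, "", rule)
            if ((rule == "-j RETURN" || rule == "-j ACCEPT") && !bypass) bypass = n
            if (rule == ("-i " ifc " -j ufw-user-input") && !jump) jump = n
            if (rule == ("-i " ifc " -j DROP") && !drop) drop = n
        }
        END {
            if (!jump) { print "FAIL: no jump to ufw-user-input for " ifc; exit 1 }
            if (!drop) { print "FAIL: no DROP for " ifc; exit 1 }
            if (drop < jump) { print "FAIL: DROP precedes the ufw-user-input jump"; exit 1 }
            if (bypass && bypass < drop) { print "FAIL: rule " bypass " bypasses the DROP"; exit 1 }
            print "OK: " ifc " goes through ufw-user-input, then DROP"
        }'
}

# Constructed sample: the chain as the paste's rules would load it, followed
# by a trailing RETURN (harmless here, because it sits after the DROP).
sample_fixed() {
    cat <<'EOF'
-N DOCKER-USER
-A DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-USER -m conntrack --ctstate INVALID -j DROP
-A DOCKER-USER -i eth0 -j ufw-user-input
-A DOCKER-USER -i eth0 -j DROP
-A DOCKER-USER -j RETURN
EOF
}

# Constructed sample: same rules, but an unconditional RETURN comes first,
# so packets leave the chain before ufw-user-input or the DROP is reached.
sample_bypassed() {
    printf '%s\n' '-A DOCKER-USER -j RETURN' \
        '-A DOCKER-USER -i eth0 -j ufw-user-input' \
        '-A DOCKER-USER -i eth0 -j DROP'
}

# Live use (as root): iptables -S DOCKER-USER | audit_docker_user eth0
```

Running the check with an interface name that does not match the rules (for example a host whose uplink is not called eth0) fails, which is the case where the paste's rules would filter nothing.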