Comments (5)
It appears that with --net=host we just need to do some regular ufw allow from commands instead of ufw route allow from. What remains to assert is how to retrieve ports used by the container and how to delete those ufw rules when the container is deleted.
Maybe using container.attrs['Config']['ExposedPorts'] when EXPOSE is specified in the Dockerfile.
from ufw-docker-automated.
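A worked sketch of the two open points in that comment (deriving the ports from ExposedPorts and later removing exactly the rules that were added), written as an added example and not taken from the ufw-docker-automated project; the container attrs dict and the list of allowed sources are constructed, and tagging each rule with a ufw comment is an assumption, not something the project does.

```python
import shlex

# Constructed sample of what docker-py returns as container.attrs for a --net=host container.
SAMPLE_ATTRS = {
    "Name": "/web",
    "HostConfig": {"NetworkMode": "host"},
    "Config": {"ExposedPorts": {"80/tcp": {}, "443/tcp": {}, "53/udp": {}}},
}


def parse_exposed_ports(attrs):
    """Return sorted (port, proto) tuples from Config.ExposedPorts (empty if no EXPOSE)."""
    exposed = (attrs.get("Config") or {}).get("ExposedPorts") or {}
    ports = set()
    for key in exposed:  # keys look like "80/tcp"; proto defaults to tcp
        port, _, proto = key.partition("/")
        ports.add((int(port), proto or "tcp"))
    return sorted(ports)


def host_mode_rules(attrs, sources, action="allow"):
    """Build the ufw commands for a host-network container.

    sources: CIDRs/IPs taken from the ufw-from label (constructed here).
    action: "allow" to add rules, "delete" to remove them; ufw accepts the
    original rule text after `ufw delete`, so both directions use one spec.
    Non-host containers return [] because they are handled by the
    `ufw route` path, not by plain `ufw allow`.
    """
    if (attrs.get("HostConfig") or {}).get("NetworkMode") != "host":
        return []
    name = attrs.get("Name", "").lstrip("/")
    tag = shlex.quote("ufw-docker-automated:" + name)  # assumed tag for later lookup
    prefix = "ufw delete " if action == "delete" else "ufw "
    cmds = []
    for src in sources:
        for port, proto in parse_exposed_ports(attrs):
            cmds.append(f"{prefix}allow from {src} to any port {port} proto {proto} comment {tag}")
    return cmds


if __name__ == "__main__":
    for cmd in host_mode_rules(SAMPLE_ATTRS, ["192.168.1.0/24"]):
        print(cmd)
    for cmd in host_mode_rules(SAMPLE_ATTRS, ["192.168.1.0/24"], action="delete"):
        print(cmd)
```

The comment tag makes the added rules identifiable in `ufw status numbered`, which is what a removal pass would search for if the original rule text is no longer at hand.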
I worked on that on the net-host branch. I think for now in host network mode we can only handle incoming traffic (ufw-from label).
For outgoing traffic (ufw-to label), it's a bit more tricky. Maybe we need to do something like this:
ufw allow out to any port 53
ufw allow out to 192.168.1.0/24 port 80 proto tcp
ufw deny out to any
from ufw-docker-automated.
Maybe we shouldn't do host network mode, because there are no iptables involved and users can simply create normal ufw rules. What do you think? 🤔
from ufw-docker-automated.
I agree, this could get confusing because we are touching rules that the user may want to manage.
It's doable, but it requires that the user understands what it does.
I'll leave the idea in the net-host branch, but as you can see the hack is not pretty when I need to remove rules (line 125).
from ufw-docker-automated.
Indeed, let's say doable, but not required, as it would make things overly complex.
from ufw-docker-automated.