Access own host #101

Open
romikforest opened this issue May 7, 2023 · 7 comments

@romikforest

romikforest commented May 7, 2023

Hi. It works almost like I want and as you said. I have only two issues. Maybe something else has changed in iptables.

I can't access the host itself from the docker container. E.g. I can access it from another computer on ports 80 and 443. Also, docker containers can access any address on the internet. But it's not possible to access the host from the docker containers by its IP or domain name (while ping works).

Also, I can't access the IPv6 network (from the host shell itself), although I bought IPv6 support from my provider, and it seems the host has an IPv6 address and it isn't blocked anywhere. (Maybe it's some issue with iptables or a provider's problem not related to ufw-docker. It would be nice to confirm whether it's OK for others.)

@JonathanMbt

Hello, I actually encountered the same problem: ufw blocks every outgoing connection coming from a docker container and going to the same host. Is there a quick solution to this problem?

@romikforest
Author

You can add your host, e.g. before COMMIT # BEGIN UFW AND DOCKER or somewhere, or all the local network if you wish (less secure), like:

-A ufw-after-input --src 10.0.0.0/8 -j ACCEPT
-A ufw-after-input --src 172.16.0.0/12 -j ACCEPT
-A ufw-after-input --src 192.168.0.0/16 -j ACCEPT

I did it this way.

@JonathanMbt

Thank you ;)

@syamsarosa

@romikforest it works. Thanks.

@BlueTree242

> You can add your host, e.g. before COMMIT # BEGIN UFW AND DOCKER or somewhere, or all the local network if you wish (less secure), like:
>
> -A ufw-after-input --src 10.0.0.0/8 -j ACCEPT
> -A ufw-after-input --src 172.16.0.0/12 -j ACCEPT
> -A ufw-after-input --src 192.168.0.0/16 -j ACCEPT
>
> I did it this way.

question, what makes this less secure?

@romikforest
Author

> question, what makes this less secure?

You have to trust your local network; it will have full access. So it's better to add a specific range of IP addresses that is used in your docker, for example, not all the local network.

@BlueTree242

Oh, got it.
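
The narrowing suggested in romikforest's reply above, as an added example that is not part of the thread or of ufw-docker: a Python check that flags `ufw-after-input` ACCEPT rules whose source covers more than the Docker subnets and builds the narrowed rules. The subnets `172.17.0.0/16` and `172.18.0.0/16` are constructed sample values; substitute the ones `docker network inspect` reports on your host. Docker networks are assumed not to overlap.

```python
import ipaddress
import re

# ACCEPT rules in the ufw-after-input chain that match on a source address.
RULE = re.compile(
    r"^-A ufw-after-input\s+(?:-s|--src|--source)\s+(\S+)\s+-j ACCEPT\s*$")

# The three rules from the thread, as they would sit before COMMIT.
SAMPLE_RULES = """\
-A ufw-after-input --src 10.0.0.0/8 -j ACCEPT
-A ufw-after-input --src 172.16.0.0/12 -j ACCEPT
-A ufw-after-input --src 192.168.0.0/16 -j ACCEPT
COMMIT
"""
# Constructed sample values (assumption), not taken from the thread.
DOCKER_SUBNETS = ["172.17.0.0/16", "172.18.0.0/16"]


def audit(rules_text, docker_subnets):
    """Return (findings, narrowed_rules).

    findings lists (source, extra) for each ACCEPT rule whose source trusts
    `extra` addresses that belong to no Docker subnet.
    """
    docker = [ipaddress.ip_network(s) for s in docker_subnets]
    findings = []
    for line in rules_text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        src = ipaddress.ip_network(m.group(1), strict=False)
        same = [d for d in docker if d.version == src.version]
        # A source that sits inside one Docker subnet is already narrow.
        if any(src.subnet_of(d) for d in same):
            continue
        covered = sum(d.num_addresses for d in same if d.subnet_of(src))
        findings.append((str(src), src.num_addresses - covered))
    narrowed = [f"-A ufw-after-input -s {d} -j ACCEPT" for d in docker]
    return findings, narrowed


if __name__ == "__main__":
    found, rules = audit(SAMPLE_RULES, DOCKER_SUBNETS)
    for src, extra in found:
        print(f"{src}: trusts {extra} addresses outside the Docker subnets")
    print("\n".join(rules))
```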
