Does not work on Ubuntu 22.04.1 LTS #85
Comments
Hi, I did exactly as described and for me it is working. Having the same Ubuntu version.
I can confirm that it DOES NOT work for me either and I am on 22.04.1 LTS too.
Oh, I think the script accepts all connections from the local network, which I did not expect. After removing any reference to 192.168.0.0/16, I have the expected behavior. https://github.com/chaifeng/ufw-docker/blob/master/ufw-docker#L332
After reverting the iptables to the default state, I commented out the line in the ufw-docker script referencing 10.0.0.0/8 because my local network is on 10.x. It blocked everything opened by the containers by default after rebooting the machine. https://github.com/chaifeng/ufw-docker/blob/master/ufw-docker#L330 Allowing specific container-port pairs with "ufw-docker allow" now works as expected.
I can also confirm it's not working on 22.04.2. Nmap returns every docker port there is.

Edit: I have tried commenting out the lines mentioned above, but nothing changed. For example, Portainer isn't.

How the network is defined in compose.yml:

```yaml
networks:
  db_bridge:
    driver: bridge
    ipam:
      config:
        - subnet: 172.10.0.0/16
```

Edit 3: I have fixed it all by just changing the subnet to
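
A check related to the comments above, as an added example that is not part of any comment or of the ufw-docker project: it reports when a scan is run from an address inside a "local" range, and when a Docker network's subnet is not private address space. It assumes the local ranges are the three RFC 1918 blocks (the comments name 10.0.0.0/8 and 192.168.0.0/16); the function names and sample addresses are constructed.

```python
import ipaddress

# Assumption: "local" source ranges are the three RFC 1918 blocks; the comments
# above name 10.0.0.0/8 and 192.168.0.0/16 as referenced by the script.
LOCAL_RANGES = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(value, ranges=LOCAL_RANGES):
    """Return ('inside' | 'partial' | 'outside', matching_range_or_None)."""
    net = ipaddress.ip_network(value, strict=False)  # accepts a host or a CIDR
    for r in ranges:
        if net.version != r.version:
            continue
        if net.subnet_of(r):
            return "inside", r
        if net.overlaps(r):
            return "partial", r
    return "outside", None


def audit(scan_sources, docker_subnets, ranges=LOCAL_RANGES):
    """Flag scan vantage points and Docker subnets that skew a firewall test."""
    findings = []
    for src in scan_sources:
        state, r = classify(src, ranges)
        if state != "outside":
            findings.append(
                f"scan source {src}: {state} {r}; a rule accepting that range "
                "lets this scan through, so retest from an outside address")
    for name, subnet in docker_subnets.items():
        state, _ = classify(subnet, ranges)
        if state != "inside":
            findings.append(
                f"network {name} ({subnet}): not fully inside RFC 1918 space; "
                "rules keyed on private ranges will not match it")
    return findings


if __name__ == "__main__":
    # Constructed sample: a LAN scanner, an external scanner (TEST-NET-3),
    # and the compose subnet quoted in the thread.
    for line in audit(["10.1.2.3", "203.0.113.7"],
                      {"db_bridge": "172.10.0.0/16"}):
        print(line)
```
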
I couldn't solve this issue, as I enabled ufw-docker the containers I had (nginx proxy manager and portainer) weren't even reachable locally, so I have changed the portainer port to "expose" and now it is only reachable over subdomain.mydomain.com but not per IP:port nor host:port from the server.
I made it work with that tutorial from Docker here directly: Docker-eth
After setting it up as described and like I have done so many times before, all the ports from Docker are still reachable without allowing them.
Looks like something broke.