"Fail to add rule(s), cannot find the published port" #86

Open
slhck opened this issue Dec 2, 2022 · 1 comment
slhck commented Dec 2, 2022

I run into this issue under Ubuntu 22.04 using the latest version of this script:

# ufw-docker install
# ufw-docker check

########## iptables -n -L DOCKER-USER ##########
Chain DOCKER-USER (1 references)
target     prot opt source               destination         
ufw-user-forward  all  --  0.0.0.0/0            0.0.0.0/0           
RETURN     all  --  10.0.0.0/8           0.0.0.0/0           
RETURN     all  --  172.16.0.0/12        0.0.0.0/0           
RETURN     all  --  192.168.0.0/16       0.0.0.0/0           
RETURN     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:53 dpts:1024:65535
ufw-docker-logging-deny  tcp  --  0.0.0.0/0            192.168.0.0/16       tcp flags:0x17/0x02
ufw-docker-logging-deny  tcp  --  0.0.0.0/0            10.0.0.0/8           tcp flags:0x17/0x02
ufw-docker-logging-deny  tcp  --  0.0.0.0/0            172.16.0.0/12        tcp flags:0x17/0x02
ufw-docker-logging-deny  udp  --  0.0.0.0/0            192.168.0.0/16       udp dpts:0:32767
ufw-docker-logging-deny  udp  --  0.0.0.0/0            10.0.0.0/8           udp dpts:0:32767
ufw-docker-logging-deny  udp  --  0.0.0.0/0            172.16.0.0/12        udp dpts:0:32767
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           


########## diff /etc/ufw/after.rules ##########

Check done.

When I try exposing one container:

# ufw-docker allow traefik 80/tcp from anywhere
Fail to add rule(s), cannot find the published port 80/tcp of instance "traefik" or cannot update outdated rule(s).

However the instance is running and has its ports exposed:

# docker ps
CONTAINER ID   IMAGE                                                    COMMAND                  CREATED          STATUS          PORTS                                                                                                                 NAMES
fd70cfc47204   traefik  "/entrypoint.sh trae…"   12 minutes ago   Up 12 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp   traefik

What might cause this?

slhck commented Dec 2, 2022

Hmm, it seems that when I remove the "from anywhere" part the rules get added:

# ufw-docker allow traefik
allow traefik 443/tcp traefik
ufw route allow proto tcp from any to 172.18.0.2 port 443 comment allow traefik 443/tcp traefik
Rule added
allow traefik 80/tcp traefik
ufw route allow proto tcp from any to 172.18.0.2 port 80 comment allow traefik 80/tcp traefik
Rule added
allow traefik 8080/tcp traefik
ufw route allow proto tcp from any to 172.18.0.2 port 8080 comment allow traefik 8080/tcp traefik
Rule added

The "from anywhere" used to work under Ubuntu 18.04.
