Comments (3)
@shoodidagen You posted you changed 10.10.10.0/8 to 10.10.10.0/24 but in your code you are using 10.0.0.0/24. Can you please check which one is the right one? :)
from ufw-docker.
10.10.10.0/24 is the correct one for my network :) The defaults in the ufw-docker documentation at the time used /8, which wasn't right for me. I'll update my post now to correct it (too many 1's and 0's for the time of me posting this led to confusion haha). I expected the automated script to check my subnets and amend, but it didn't do that.
Thank you
Confirmed, and I think this will help other users out.
I'm kicking myself at how I could be so blind here, but I shouldn't have relied on documentation examples.
Running the following command will list in CIDR all subnets being used
ip -o -4 route show | awk '{print $1}' | grep -oP '\b\d+\.\d+\.\d+\.\d+/\d+\b'
In my case this was:
I ditched the 3 lines with 192.168.0.0/16 altogether,
changed the 10.10.10.0/8 to 10.10.10.0/24,
and changed 172.16.0.0/12 to 172.17.0.0/16.
Once I had rebooted the host, IT WORKS.
I cannot believe how long it's taken me to work this one out. I'm about 2 months into learning about Docker, but I've no excuse for missing the subnets! I assumed that those listed were particular to the inner workings of Docker.
I hope this can help others out and maybe could be added to the main readme.
# BEGIN UFW AND DOCKER
*filter
:ufw-user-forward - [0:0]
:ufw-docker-logging-deny - [0:0]
:DOCKER-USER - [0:0]
-A DOCKER-USER -j ufw-user-forward
-A DOCKER-USER -j RETURN -s 10.10.10.0/24
-A DOCKER-USER -j RETURN -s 172.17.0.0/16
-A DOCKER-USER -p udp -m udp --sport 53 --dport 1024:65535 -j RETURN
-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 10.10.10.0/24
-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 172.17.0.0/16
-A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 10.10.10.0/24
-A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 172.17.0.0/16
-A DOCKER-USER -j RETURN
-A ufw-docker-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW DOCKER BLOCK] "
-A ufw-docker-logging-deny -j DROP
COMMIT
# END UFW AND DOCKER
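The mistake in the thread (copying the documentation's example CIDRs instead of the host's real ones) is easy to catch mechanically. The script below is an added example, not code from the ufw-docker project or from any poster here: it extracts the host's IPv4 subnets from `ip -o -4 route show` output, renders the same "UFW AND DOCKER" block shown above for those subnets, and reports any CIDR in an existing block that is not routed on the host. The route output is a constructed sample (an assumed host on 10.10.10.0/24 with docker0 and one user-defined bridge); on a real host pipe the actual `ip -o -4 route show` output into local_cidrs instead.

```shell
#!/bin/sh
# Added example, not code from the ufw-docker project or from the poster.
# Derive local subnets from routes, render the DOCKER-USER block for them,
# and flag CIDRs in an existing block that do not match the host.
set -eu

# Constructed sample of `ip -o -4 route show` output (assumed host layout:
# LAN on 10.10.10.0/24, default Docker bridge, one user-defined network).
SAMPLE_ROUTES='default via 10.10.10.1 dev eth0 proto static metric 100
10.10.10.0/24 dev eth0 proto kernel scope link src 10.10.10.5
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.19.0.0/16 dev br-4a1b2c3d4e5f proto kernel scope link src 172.19.0.1'

# Read route output on stdin, print the unique CIDR prefixes one per line.
# Dots are escaped so only real dotted quads match (unescaped dots, as in the
# one-liner in the thread, match any character).
local_cidrs() {
    awk '{print $1}' | grep -oE '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/[0-9]+$' | sort -u
}

# Render the "UFW AND DOCKER" block for the CIDRs given as arguments, in the
# same rule order as the block posted in the thread.
render_rules() {
    printf '%s\n' '# BEGIN UFW AND DOCKER' '*filter' \
        ':ufw-user-forward - [0:0]' ':ufw-docker-logging-deny - [0:0]' \
        ':DOCKER-USER - [0:0]' '-A DOCKER-USER -j ufw-user-forward'
    for c in "$@"; do
        printf '%s\n' "-A DOCKER-USER -j RETURN -s $c"
    done
    printf '%s\n' '-A DOCKER-USER -p udp -m udp --sport 53 --dport 1024:65535 -j RETURN'
    for c in "$@"; do
        printf '%s\n' "-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d $c"
    done
    for c in "$@"; do
        printf '%s\n' "-A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d $c"
    done
    printf '%s\n' '-A DOCKER-USER -j RETURN' \
        '-A ufw-docker-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW DOCKER BLOCK] "' \
        '-A ufw-docker-logging-deny -j DROP' 'COMMIT' '# END UFW AND DOCKER'
}

# Print every CIDR mentioned in a rules block ($1) that is absent from the
# newline-separated list of live subnets ($2). Empty output means the block
# matches the host; anything printed is a copied-from-docs value to fix.
stale_cidrs() {
    live_list=$(printf '%s' "$2" | tr '\n' ' ')
    printf '%s\n' "$1" \
        | grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/[0-9]+' | sort -u \
        | awk -v live="$live_list" \
            'BEGIN { n = split(live, a, " "); for (i = 1; i <= n; i++) seen[a[i]] = 1 }
             !($0 in seen)'
}

# Stand-alone run: compare the documentation defaults against the sample host.
live=$(printf '%s\n' "$SAMPLE_ROUTES" | local_cidrs)
echo "Live subnets on this host:"
echo "$live"
echo "Stale CIDRs in a block built from the documentation defaults:"
stale_cidrs "$(render_rules 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16)" "$live"
echo "Block to put in /etc/ufw/after.rules for this host:"
render_rules $live
```

On a real host, replace the sample with `ip -o -4 route show | local_cidrs`, and run stale_cidrs against the block currently in /etc/ufw/after.rules after every Docker network you create, since each new user-defined network adds a bridge subnet that the block must mention.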