I'm running a docker container that has the port 9000:9000 binding to the host, but I also have ufw enabled. The only ports I've allowed are 22, 80, 443.
So why is it that I'm able to connect to this container using the host's IP address? Shouldn't port 9000 be blocked by ufw?
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 14417c4f71fb dockerui/dockerui "/dockerui" 2 seconds ago Up 2 seconds 0.0.0.0:9000->9000/tcp docker_ui root@docker:~# ufw status Status: active To Action From -- ------ ---- 22 ALLOW Anywhere 80 ALLOW Anywhere 443 ALLOW Anywhere 22 (v6) ALLOW Anywhere (v6) 80 (v6) ALLOW Anywhere (v6) 443 (v6) ALLOW Anywhere (v6)
Aren't all ports blocked by default when you enable ufw?
Docker Network bypasses Firewall, no option to disable Check the firewall; docker will by use "anywhere" as the source, thereby all containers are exposed to the public.
A cloud-native Docker container firewall is able to isolate and protect workloads, application stacks, and services, even as individual containers scale up, down, or across hosts.
To make a port available to services outside of Docker, or to Docker containers which are not connected to the container's network, use the --publish or -p flag. This creates a firewall rule which maps a container port to a port on the Docker host to the outside world.
Docker silently modifies iptables. You can start the Docker daemon with the --iptables=false option by editing DOCKER_OPTS in /etc/default/docker 
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With