Docker UFW container access on private interface

olikdsfjgsod · August 29, 2019, 2:57pm

I’m running Docker and I control my firewall using ufw.

What I want to achieve is to permit inbound access to my container, but to not permit the container to have outbound access to either the Internet or any other container.

I start my Docker daemon with "iptables": false.

I have ufw configured with DEFAULT_FORWARD_POLICY="ACCEPT" and Anywhere ALLOW IN 192.168.1.0/24 with the intention of allowing access from my local subnet.

I start a container to test docker run -d -p 1234:80 nginx:alpine, however if I try to access nginx on port 1234, the connection times out for both 127.0.0.1:1234 and the local IP address of 192.168.1.10:1234. I can however access nginx via the docker0 interface of 172.17.0.2:80.

Can someone help me with what iptables (I assume) command I need to run to permit access to the container on both 127.0.0.1 and the private interface 192.168.1.10 over port 1234?

Topic		Replies	Views
Access container from WAN(internet) on VPS General	4	2422	March 26, 2022
Security docker and ufw setup - Vserver General	4	2596	December 5, 2022
Docker behind ufw/iptables & OpenVPN. Need to restrict access to VPN users only General docker	3	8230	January 11, 2019
Real/Remote IP forwarded into Container with Docker behind UFW (in Linux Debian) General	0	621	May 14, 2020
Docker stack, ufw, nginx Swarm	2	3725	October 2, 2017

Docker UFW container access on private interface

Related topics