If I were not running Docker, I would use UFW and Fail2Ban to manage open ports and intrusion prevention.
Docker, by default, modifies iptables itself, ignoring/bypassing UFW. I know you can change this behavior, but my understanding is that it is not advised to set DOCKER_OPTS="--iptables=false" because Docker networking is fairly complex.
This means that Fail2Ban is useless. I could tell Fail2Ban where to look for container traffic logs, but I don’t know if it’ll matter since Fail2Ban won’t be able to ban those IPs – since Docker bypasses UFW.
I’m new to Docker and Traefik. I’m just trying to wrap my head around what I should do vs. what I don’t need to do. I’m only exposing one service on 80/443 using Traefik, but it is a sensitive service, so I still want things to be secure.
I mean, I opened 80/443 on my FW (pfSense), and just within 24 hours I was getting hits from random IPs. There weren’t a lot, so I don’t think anyone was trying to get in, probably some scanners, but still.
Any advice/perspective/thoughts/experience is appreciated.
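As an added example (not from the original post), the way Fail2Ban can still reach traffic that Docker accepts through its own iptables rules: Docker's documentation designates the DOCKER-USER chain for user rules evaluated before Docker's own, so a Fail2Ban action that bans into that chain affects published container ports even though UFW does not. The chain name f2b-docker, the jail name, the filter name and the Traefik access-log path are assumptions you would adapt to your setup.

```ini
# /etc/fail2ban/action.d/docker-user.conf (assumed file name)
# Ban into DOCKER-USER so the rule is evaluated before Docker's FORWARD rules.
[Definition]
# Create a dedicated chain and hook it at the top of DOCKER-USER.
actionstart = iptables -w -N f2b-docker
              iptables -w -A f2b-docker -j RETURN
              iptables -w -I DOCKER-USER 1 -j f2b-docker
# Unhook and delete the chain when the jail stops.
actionstop = iptables -w -D DOCKER-USER -j f2b-docker
             iptables -w -F f2b-docker
             iptables -w -X f2b-docker
# Fail2Ban re-runs actionstart if this check fails (e.g. after a Docker restart
# recreated DOCKER-USER and dropped our hook).
actioncheck = iptables -w -n -L DOCKER-USER | grep -q 'f2b-docker[ \t]'
actionban = iptables -w -I f2b-docker 1 -s <ip> -j DROP
actionunban = iptables -w -D f2b-docker -s <ip> -j DROP

# /etc/fail2ban/jail.d/traefik.local (assumed jail; filter and log path are assumptions)
[traefik-docker]
enabled = true
banaction = docker-user
filter = traefik-auth
logpath = /var/log/traefik/access.log
port = http,https
maxretry = 5
findtime = 10m
bantime = 1h
```

The filter must match what Traefik actually writes (enable the access log in Traefik and point `logpath` at it); verify with `fail2ban-regex /var/log/traefik/access.log traefik-auth` and `iptables -w -n -L DOCKER-USER` before relying on it.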