chaifeng/ufw-docker

Does not work on Ubuntu 22.04.1 LTS

NightHammer1000 opened this issue · 7 comments

After setting it up as described, and as I have done so many times before, all the ports from Docker are still reachable without allowing them.

Looks like something broke.

Hi, I did exactly as described and for me it is working. I have the same Ubuntu version.

I can confirm that it DOES NOT work for me either and I am on 22.04.1 LTS too.

Oh, I think the script accepts all connections from the local network, which I did not expect. After removing any reference to 192.168.0.0/16, I have the expected behavior.

https://github.com/chaifeng/ufw-docker/blob/master/ufw-docker#L332

After reverting the iptables to the default state, I commented out the line in the ufw-docker script referencing 10.0.0.0/8, because my local network is on 10.x. After rebooting the machine, it blocked everything opened by the containers by default.

https://github.com/chaifeng/ufw-docker/blob/master/ufw-docker#L330

Allowing specific container-port pairs with "ufw-docker allow" now works as expected.

I can also confirm it's not working on 22.04.2. Nmap returns every Docker port there is.

Edit: I have tried commenting out the lines mentioned above, but nothing changed.
Edit 2: I have realized I am using a separate network for 3 of my services: MySQL, phpMyAdmin, and a WordPress site. All three of those are exposed.

For example, Portainer isn't.

How the network is defined in compose.yml:

networks:
  db_bridge:
    driver: bridge
    ipam:
      config:
        - subnet: 172.10.0.0/16

Edit 3: I have fixed it all by just changing the subnet to 172.20.0.0/16.
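Why 172.10.0.0/16 leaks while 172.20.0.0/16 does not: ufw-docker's deny rules in the DOCKER-USER chain are written for the RFC 1918 destination ranges, so traffic DNATed to a container whose address lies outside all of them never hits a deny rule. The thread links to the 10.0.0.0/8 and 192.168.0.0/16 lines of the script; that 172.16.0.0/12 is the third range it handles is an assumption in this added example, which is not part of the issue or the ufw-docker project. The script below extracts the IPAM subnets from a compose file of the shape shown above (a minimal, constructed extractor, not a general YAML parser) and reports which ones fall outside every range ufw-docker covers:

```python
import ipaddress
import re

# RFC 1918 ranges. The issue thread points at the ufw-docker lines handling
# 10.0.0.0/8 and 192.168.0.0/16; 172.16.0.0/12 is assumed to be the third.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample: the subnet from the thread plus the fixed one.
SAMPLE_COMPOSE = """\
services:
  db:
    image: mysql
networks:
  db_bridge:
    driver: bridge
    ipam:
      config:
        - subnet: 172.10.0.0/16
  db_bridge_fixed:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/16
"""

_NETWORK_RE = re.compile(r"^  ([A-Za-z0-9_.-]+):\s*$")      # two-space indented name
_SUBNET_RE = re.compile(r"^\s*-\s*subnet:\s*(\S+)")          # "- subnet: x.x.x.x/nn"


def covering_range(subnet: str):
    """Return the private range that fully contains `subnet`, or None."""
    net = ipaddress.ip_network(subnet, strict=False)
    for rng in PRIVATE_RANGES:
        if net.subnet_of(rng):
            return rng
    return None


def compose_subnets(compose_text: str) -> dict:
    """Map network name -> declared IPAM subnets for a compose file.

    Handles only the layout in the thread: a top-level `networks:` key with
    two-space indented network names and `- subnet:` entries beneath them.
    """
    result = {}
    in_networks = False
    current = None
    for line in compose_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line.startswith(" "):          # top-level key
            in_networks = line.strip() == "networks:"
            current = None
            continue
        if not in_networks:
            continue
        m = _NETWORK_RE.match(line)
        if m:
            current = m.group(1)
            result[current] = []
            continue
        m = _SUBNET_RE.match(line)
        if m and current is not None:
            result[current].append(m.group(1))
    return result


def audit(compose_text: str) -> dict:
    """Per '<network> <subnet>': which range covers it, or EXPOSED if none."""
    verdicts = {}
    for name, subnets in compose_subnets(compose_text).items():
        for subnet in subnets:
            rng = covering_range(subnet)
            verdicts[f"{name} {subnet}"] = f"covered by {rng}" if rng else "EXPOSED"
    return verdicts


if __name__ == "__main__":
    for key, verdict in audit(SAMPLE_COMPOSE).items():
        print(f"{key}: {verdict}")
```

Run against the sample it flags `db_bridge 172.10.0.0/16` as EXPOSED and `db_bridge_fixed 172.20.0.0/16` as covered by 172.16.0.0/12 (172.16.0.0/12 spans 172.16.0.0 through 172.31.255.255, so 172.10.x is outside it). The same check can be pointed at the subnets reported by `docker network inspect` instead of a compose file.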

I couldn't solve this issue: as soon as I enabled ufw-docker, the containers I had (Nginx Proxy Manager and Portainer) weren't even reachable locally, so I changed the Portainer port to "expose" and now it is only reachable via subdomain.mydomain.com, but not via IP:port or host:port from the server.
I also configured the NPM admin port (81) as expose, and only left 443 and 80 as public ports for the internet on mydomain.

I got it working with this tutorial from Docker directly: Docker-eth