I’ve only used ufw
and just now I had to run this command to fix an issue with docker.
sudo iptables -I INPUT -i docker0 -j ACCEPT
I don’t know why I had to run this to make curl
work.
So, what did I exactly just do?
This is behind my house router which already has reject input from wan, so I’m guessing it’s fine, right?
I’m asking since the image I’m running at home I was previously running it in a VPS which has a public IP and this makes me wonder if I have something open there without knowing :/
ufw
is configured to deny all incoming, but I learnt docker by passes this if you configure the ports like 8080:8080
instead of 127.0.0.1:8080:8080
. And I confirmed it by accessing the ip and port.
The command modifies the firewall to allow all incoming traffic on the docker0 network interface (which is created by Docker). It’s basically a bypass.
You can configure Docker to not try and manage it’s own rules, here is some discussion on the topic: https://github.com/moby/moby/issues/22054#issuecomment-2241481323
Note: iptables is “deprecated” you should be using nftables. Even Debian is on nftables nowadays.
Having a port open is only a problem if something is listening on it that you didn’t want to be. Which may be your concern - just clarifying in case you weren’t sure.