When utilizing Docker, you might encounter a situation where UFW (Uncomplicated Firewall) rules fail to influence the network traffic of Docker containers. This occurs because Docker, by default, directly modifies iptables rules, bypassing UFW's control.
How can we address this issue?
Let's take the scenario of opening UDP ports 22, 80, 443, and 8443 as an example:
1. Install and Enable UFW
Firstly, ensure that UFW is installed on your system and enabled:
bashsudo apt update
sudo apt install ufw
sudo ufw enable
2. Open the Necessary Ports
Use the following commands to open ports for SSH (22), HTTP (80), and HTTPS (443):
bashsudo ufw allow 22
sudo ufw allow 80
sudo ufw allow 443
sudo ufw allow 8443/udp
3. Install the ufw-docker Tool
ufw-docker is a utility designed to resolve conflicts between Docker and UFW firewall rules. Installation steps are as follows:
bashsudo wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker
sudo chmod +x /usr/local/bin/ufw-docker
4. Configure ufw-docker
Execute the following command to install ufw-docker:
bashsudo ufw-docker install
This command modifies UFW's configuration files to ensure compatibility with Docker's network rules.
5. Restart the Server
Due to possible unknown reasons, restarting UFW may not always ensure rule effectiveness; restarting the server resolves this issue.
bashsudo reboot
6. Verify Configuration
Use the following command to check UFW's status and confirm that the required ports are open: