The ideal shore

This site is powered by KevinYouu using Next.js.


Resolve the issues with UFW and Docker.

Docker
Created: 11/03/2024
Updated: 11/03/2024

Resolve the issue of UFW being unable to manage Docker container ports when using Docker.

When utilizing Docker, you might encounter a situation where UFW (Uncomplicated Firewall) rules fail to influence the network traffic of Docker containers. This occurs because Docker, by default, directly modifies iptables rules, bypassing UFW's control.

How can we address this issue?

Let's take opening ports 22, 80, 443, and 8443/udp as an example:

1. Install and Enable UFW

Firstly, ensure that UFW is installed on your system and enabled:

bash
sudo apt update
sudo apt install ufw
sudo ufw enable

2. Open the Necessary Ports

Use the following commands to open ports for SSH (22), HTTP (80), and HTTPS (443), plus UDP port 8443:

bash
sudo ufw allow 22
sudo ufw allow 80
sudo ufw allow 443
sudo ufw allow 8443/udp

3. Install the ufw-docker Tool

ufw-docker is a utility designed to resolve conflicts between Docker and UFW firewall rules. Installation steps are as follows:

bash
sudo wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker
sudo chmod +x /usr/local/bin/ufw-docker

4. Configure ufw-docker

Run the following command to have ufw-docker install its rules into UFW:

bash
sudo ufw-docker install

This command modifies UFW's configuration files to ensure compatibility with Docker's network rules.

5. Restart the Server

For reasons that are not clear, restarting UFW does not always make the rules take effect; restarting the server resolves this.

bash
sudo reboot

6. Verify Configuration

Use the following command to check UFW's status and confirm that the required ports are open:

bash
sudo ufw status

The output should indicate that ports 22, 80, and 443 are allowed.
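
A check for steps 5 and 6, as an added example that is not part of the original post or of the ufw-docker project: it reports whether ufw-docker's rules exist on disk and whether the live DOCKER-USER chain actually uses them. It assumes the "# BEGIN UFW AND DOCKER" marker in /etc/ufw/after.rules and the jump from DOCKER-USER to ufw-user-forward found in ufw-docker's rule block; the function name ufw_docker_state and the sample data are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post or the ufw-docker project).
# Assumption: `ufw-docker install` writes a block starting with
# "# BEGIN UFW AND DOCKER" into /etc/ufw/after.rules, and that block
# sends the DOCKER-USER chain through ufw-user-forward.

# ufw_docker_state RULES_FILE   (stdin: output of `iptables -S DOCKER-USER`)
# Prints one of: not-installed | not-loaded | ok
ufw_docker_state() {
    rules_file=$1
    chain_dump=$(cat)
    if ! grep -q -e '^# BEGIN UFW AND DOCKER' "$rules_file" 2>/dev/null; then
        echo "not-installed"    # step 4 not run, or the file is unreadable
    elif printf '%s\n' "$chain_dump" |
        grep -Eq -e '^-A DOCKER-USER (.* )?-j ufw-user-forward( |$)'; then
        echo "ok"               # container traffic passes through UFW's rules
    else
        echo "not-loaded"       # on disk but not active: the case step 5 fixes
    fi
}

if [ "${1:-}" = "--live" ]; then
    # Run as root: both the rules file and iptables require it.
    iptables -S DOCKER-USER 2>/dev/null | ufw_docker_state /etc/ufw/after.rules
else
    # Constructed sample: rules are installed on disk, but the live chain is
    # still Docker's default (a lone RETURN), as it can be before the reboot.
    sample_rules=$(mktemp)
    printf '%s\n' '# BEGIN UFW AND DOCKER' '*filter' \
        '-A DOCKER-USER -j ufw-user-forward' 'COMMIT' \
        '# END UFW AND DOCKER' > "$sample_rules"
    printf '%s\n' '-N DOCKER-USER' '-A DOCKER-USER -j RETURN' |
        ufw_docker_state "$sample_rules"
    rm -f "$sample_rules"
fi
```

Run it with --live as root on the server; without arguments it evaluates the constructed sample and prints not-loaded.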

7. Delete Rules

Begin by listing all rule numbers using the following command:

bash
sudo ufw status numbered

Delete rules based on their corresponding numbers. UFW renumbers the remaining rules after each deletion, so delete the highest number first. For instance, to delete rules numbered 3 and 4:

bash
sudo ufw delete 4
sudo ufw delete 3

8. Reference

ufw-docker: https://github.com/chaifeng/ufw-docker

