If you use Docker on Linux, chances are your system firewall is managed with Uncomplicated Firewall (UFW). If that's the case, you may not know that the combination of Docker and UFW poses a bit of a security issue. Why? Because Docker bypasses UFW and alters iptables directly so that a container can bind to a port. This means the UFW rules you have set won't apply to Docker containers.
Let me demonstrate this.
I’m going to set up UFW (running on Ubuntu Server 16.04), so that the only thing it will allow through is SSH traffic. To do this, I open a terminal and issue the following commands:
sudo ufw allow ssh
sudo ufw default deny incoming
sudo ufw enable
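A check for the gap described above, added here as an example and not taken from the original article: it reads nat-table rules in `iptables-save` format and lists the host ports Docker has published that the UFW policy does not allow. The function name, the sample rules (constructed) and passing the allowed ports by hand (22, from the SSH rule) are assumptions.

```shell
#!/usr/bin/env bash
# Added example: find ports Docker published through its own iptables rules
# that are absent from the UFW allow list.

# Constructed sample of `iptables-save -t nat` output on a Docker host
# with two containers publishing ports 8080 and 5432.
SAMPLE_NAT_RULES='*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:80
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 5432 -j DNAT --to-destination 172.17.0.3:5432
COMMIT'

# stdin: nat-table rules in iptables-save format.
# args:  ports the UFW policy allows (hypothetical interface).
# Prints "proto/port -> container_ip:port" for every DNAT rule in the
# DOCKER chain whose host port is not in the allowed list.
docker_ports_outside_ufw() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "-A" && $2 == "DOCKER" && /-j DNAT/ {
            proto = ""; port = ""; dest = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
                if ($i == "--to-destination") dest = $(i + 1)
            }
            if (port != "" && !(port in ok)) print proto "/" port " -> " dest
        }'
}

# Run against the constructed sample; UFW allows only SSH (22).
printf '%s\n' "$SAMPLE_NAT_RULES" | docker_ports_outside_ufw 22

# On a real host, feed it the live rules instead:
#   sudo iptables-save -t nat | docker_ports_outside_ufw 22
```

Any line it prints is a port reachable through Docker's DNAT rules even though UFW's default policy is to deny incoming traffic.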
Read more at TechRepublic