vodasams57

Results 4 comments of vodasams57

Allow Host exposed Ports not container ports

From a user perspective, I totally agree. Unfortunately, this is difficult. Docker applies NAT PREROUTING rules first, whereby the destination port in the IP frame is changed. The ufw-docker rules...

Use conntrack to allow incoming responses for outbound connections

hi @chaifeng thanks for your feedback. > What do you think about these rules? I would prefer the following approach "allow rules first, block anything else". ``` # BEGIN UFW...

Use conntrack to allow incoming responses for outbound connections

hi @chaifeng did you have time to have a look at my last comment?

Blocked IP addresses still can access docker container (fail2ban)

Have a look at the iptables chains which rules are first applied. Seems the ufw rules are applied before the fail2ban rules (named "f2b-..."). In addition ensure that fail2ban prepends...