niels segers

How to fix the Docker and UFW security flaw


May 14, 2019

If you use Docker on Linux, chances are your system firewall is managed through Uncomplicated Firewall (UFW). If so, you may not know that the combination of Docker and UFW poses a security issue. Why? Because Docker bypasses UFW and alters iptables directly so that a container can bind to a port. This means the UFW rules you have set won't apply to Docker containers.

Fortunately, there's a way to fix this. Go back to the terminal on your Docker server, open the Docker defaults file with sudo vi /etc/default/docker, and add the following line:

```bash
DOCKER_OPTS="--iptables=false"
```

Read more about it here.
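To check a host for the issue described above, the following added example (not code from the original post) reports whether Docker's iptables management is disabled and lists the ports published on all interfaces, which are the ones UFW rules do not cover while Docker manages iptables itself. The function names are hypothetical, the /etc/docker/daemon.json location and its "iptables" key are an assumption not taken from the post, and the `docker ps` lines are constructed sample data.

```shell
#!/usr/bin/env bash
# Added example: audit helpers for the Docker/UFW issue (not from the original post).

# Succeeds if Docker's iptables management is disabled in either config file.
# $1: defaults file (the post's /etc/default/docker)
# $2: daemon.json (assumption: /etc/docker/daemon.json, not mentioned in the post)
docker_iptables_disabled() {
    if [ -r "$1" ] && grep -Eq '^[[:space:]]*DOCKER_OPTS=.*--iptables=false' "$1"; then
        return 0
    fi
    [ -r "$2" ] && grep -Eq '"iptables"[[:space:]]*:[[:space:]]*false' "$2"
}

# Reads lines of `docker ps --format '{{.Names}}\t{{.Ports}}'` on stdin and
# prints "name hostport/proto" once per port published on all interfaces.
exposed_ports() {
    awk -F'\t' '{
        n = split($2, maps, ", ")
        for (i = 1; i <= n; i++) {
            if (split(maps[i], side, "->") != 2) continue  # exposed but not published
            port = side[1]; sub(/^.*:/, "", port)           # text after the last colon
            addr = substr(side[1], 1, length(side[1]) - length(port) - 1)
            proto = side[2]; sub(/^.*\//, "", proto)
            if (addr != "0.0.0.0" && addr != "::" && addr != "[::]") continue
            key = $1 " " port "/" proto
            if (!seen[key]++) print key                     # IPv4 and IPv6 share a port
        }
    }'
}

# Constructed sample of `docker ps` output (tab-separated), not from a real host.
sample_ps() {
    printf 'web\t0.0.0.0:8080->80/tcp, :::8080->80/tcp\n'
    printf 'db\t127.0.0.1:5432->5432/tcp\n'
    printf 'cache\t6379/tcp\n'
}

if docker_iptables_disabled /etc/default/docker /etc/docker/daemon.json; then
    echo "Docker iptables management: disabled"
else
    echo "Docker iptables management: enabled (published ports bypass UFW)"
fi
echo "Ports published on all interfaces (sample data):"
sample_ps | exposed_ports
```

The setting takes effect only after the Docker daemon is restarted. With it on, Docker also stops creating its NAT rules, so check container outbound connectivity afterwards.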