qaz@lemmy.world to

Programmer Humor@programming.devEnglish · 8 hours ago

Context: Docker bypasses all UFW firewall rules

296

Context: Docker bypasses all UFW firewall rules

qaz@lemmy.world to

Programmer Humor@programming.devEnglish · 8 hours ago

Docker docs:

Docker routes container traffic in the nat table, which means that packets are diverted before it reaches the INPUT and OUTPUT chains that ufw uses. Packets are routed before the firewall rules can be applied, effectively ignoring your firewall configuration.

Chat

steventhedev@lemmy.world
link
fedilink
arrow-up
16·
6 hours ago
You’re forgetting the part where they had an option to disable this fuckery, and then proceeded to move it twice - exposing containers to everyone by default.

I had to clean up compromised services twice because of it.

Programmer Humor@programming.dev

programmer_humor@programming.dev

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !programmer_humor@programming.dev

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

1.38K users / day
3.15K users / week
9.36K users / month
20.2K users / 6 months
1 local subscriber
26K subscribers
1.7K Posts
63.3K Comments
Modlog