How to fix the Docker and UFW security flaw

It has been discovered that Docker doesn't always honor UFW rules. Jack Wallen demonstrates the problem and shows how to configure Docker so that it will.

If you use Docker on Linux, chances are your system firewall is Uncomplicated Firewall (UFW). If that's the case, you may not know that the combination of Docker and UFW poses a bit of a security issue. Why? Because Docker actually bypasses UFW and directly alters iptables, such that a container can bind to a port. This means all those UFW rules you have set won't apply to Docker containers.

I'm going to set up UFW (running on Ubuntu Server 16.04), so that the only thing it will allow through is SSH traffic. To do this, I open a terminal and issue the following commands:

Once I've issued the above commands, I'm good to go: the only traffic that can enter the machine is via the default SSH port (22).

Let's test this and make sure it's the case. We'll do the testing via a MongoDB container. Once deployed, we shouldn't be able to make a connection to the container.
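
To audit a host for the gap described above, the following added example (not from the original article) compares the ports Docker publishes on all interfaces with the ports UFW allows. The function names and sample outputs are constructed, and it assumes Docker is managing iptables itself, as the article describes.

```shell
#!/bin/sh
# Added example, not from the article. Function names are hypothetical.

# published_ports: read `docker ps --format '{{.Ports}}'` text on stdin and
# print "port/proto" for each mapping bound to all interfaces (0.0.0.0 or ::).
# Loopback-only mappings and port ranges are deliberately not reported.
published_ports() {
    tr ',' '\n' |
    sed -n -E 's#^ *(0\.0\.0\.0|::|\[::\]):([0-9]+)->[0-9]+/(tcp|udp) *$#\2/\3#p' |
    sort -u
}

# ufw_allowed: read `ufw status` text on stdin and print "port/proto" for each
# ALLOW rule; a rule with no protocol (e.g. "22") covers both tcp and udp.
ufw_allowed() {
    awk '$2 == "ALLOW" || ($2 == "(v6)" && $3 == "ALLOW") {
        if ($1 ~ /^[0-9]+\/(tcp|udp)$/) print $1
        else if ($1 ~ /^[0-9]+$/) { print $1 "/tcp"; print $1 "/udp" }
    }' | sort -u
}

# bypassing_ufw DOCKER_TEXT UFW_TEXT: print published ports that have no
# matching UFW ALLOW rule, i.e. ports open only because Docker wrote its
# own iptables rules.
bypassing_ufw() {
    allowed=$(printf '%s\n' "$2" | ufw_allowed)
    printf '%s\n' "$1" | published_ports | while read -r p; do
        printf '%s\n' "$allowed" | grep -qxF "$p" || printf '%s\n' "$p"
    done
}

# Constructed sample: a MongoDB container published on all interfaces, a
# loopback-only web container, and a UFW policy that allows only SSH.
SAMPLE_DOCKER='0.0.0.0:27017->27017/tcp, :::27017->27017/tcp
127.0.0.1:8080->80/tcp'
SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)'

bypassing_ufw "$SAMPLE_DOCKER" "$SAMPLE_UFW"   # prints 27017/tcp

# Live use:
# bypassing_ufw "$(docker ps --format '{{.Ports}}')" "$(sudo ufw status)"
```

Any port this prints is published by a container but has no UFW ALLOW rule, so UFW is not what decides whether it is reachable.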