Docker docs:

Docker routes container traffic in the nat table, which means that packets are diverted before it reaches the INPUT and OUTPUT chains that ufw uses. Packets are routed before the firewall rules can be applied, effectively ignoring your firewall configuration.

  • jwt@programming.dev
    8·
    3 months ago

    Feels weird that an application is allowed to override iptables though. I get that when it’s installed with root everything’s off the table, but still…

    • MangoPenguin@lemmy.blahaj.zoneEnglish
      3·
      3 months ago

      Linux lets you do whatever you want and that’s a side effect of it, there’s nothing preventing an app from messing with things it shouldn’t.

      • WhyJiffie@sh.itjust.worksEnglish
        3·
        3 months ago

        there’s nothing preventing an app from messing with things it shouldn’t.

        that’s not exactly a linux specialty