Posted a quick writeup about an issue I had with ufw and Docker: https://www.colinmatthias.com/blog/ufw-docker-fixing-security-issue/
@colin This has been known for a while now, sad to see that there is not some sort of fix upstream.
@gudenau Yeah, I definitely found lots of references to it going back a while. Not really sure who is to blame; could see arguments for blaming either or both sides. UFW wants to provide a nice simple interface to iptables, and Docker wants networking to just work when you create a container. 🤷♂️
@colin There could be a common firewall interface created, kinda like on Windows. UFW could provide a standardized service and Docker could connect to it to configure UFW, whatever firewall you have or default to the current implementation.
Would be an overall net gain in my opinion.