I'm running a docker container that has the port 9000:9000 binding to the host, but I also have ufw enabled. The only ports I've allowed are 22, 80, 443.
So why is it that I'm able to connect to this container using the host's IP address? Shouldn't port 9000 be blocked by ufw?
    CONTAINER ID   IMAGE               COMMAND       CREATED         STATUS         PORTS                    NAMES
    14417c4f71fb   dockerui/dockerui   "/dockerui"   2 seconds ago   Up 2 seconds   0.0.0.0:9000->9000/tcp   docker_ui

    root@docker:~# ufw status
    Status: active

    To                         Action      From
    --                         ------      ----
    22                         ALLOW       Anywhere
    80                         ALLOW       Anywhere
    443                        ALLOW       Anywhere
    22 (v6)                    ALLOW       Anywhere (v6)
    80 (v6)                    ALLOW       Anywhere (v6)
    443 (v6)                   ALLOW       Anywhere (v6)
Aren't all ports blocked by default when you enable ufw?
Docker silently modifies iptables. You can start the Docker daemon with the --iptables=false option by editing DOCKER_OPTS in /etc/default/docker.
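
The mismatch described in this thread can be checked mechanically. The following is an added example, not part of the original question or answer: a shell check that lists host ports Docker publishes on all interfaces for which `ufw status` shows no ALLOW rule. The function names are hypothetical, and the sample input is the output shown in the question.

```shell
#!/bin/sh
# Added example: list host ports that Docker publishes on all interfaces
# but that "ufw status" does not allow. Function names are hypothetical.

# Sample input, taken from the output shown in the question.
DOCKER_PORTS_SAMPLE='0.0.0.0:9000->9000/tcp'
UFW_STATUS_SAMPLE='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)'

# stdin: PORTS column text; stdout: "port/proto" for bindings on 0.0.0.0 or ::
# (bindings to a specific address and port ranges are ignored here).
published_ports() {
    tr ', ' '\n\n' |
        sed -n -E 's#^(0\.0\.0\.0|\[::\]|::):([0-9]+)->[0-9]+/(tcp|udp)$#\2/\3#p' |
        sort -u
}

# stdin: "ufw status" text; stdout: numeric ports with an inbound ALLOW rule.
ufw_allowed_ports() {
    awk '/ALLOW/ && !/ALLOW OUT/ { p = $1; sub(/\/.*/, "", p); if (p ~ /^[0-9]+$/) print p }' |
        sort -u
}

# $1: PORTS text, $2: "ufw status" text; prints published ports ufw does not allow.
# Comparison is by port number only (protocol of the ufw rule is not checked).
exposed_not_allowed() {
    allowed=$(printf '%s\n' "$2" | ufw_allowed_ports)
    printf '%s\n' "$1" | published_ports | while IFS=/ read -r port proto; do
        printf '%s\n' "$allowed" | grep -qx "$port" || printf '%s/%s\n' "$port" "$proto"
    done
}

# On a live host:
#   exposed_not_allowed "$(docker ps --format '{{.Ports}}')" "$(ufw status)"
exposed_not_allowed "$DOCKER_PORTS_SAMPLE" "$UFW_STATUS_SAMPLE"
```

Any port it prints is reachable from outside even though ufw has no rule for it; a binding to a specific address such as 127.0.0.1 is not reported.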