I was curious, why are you doing the UFW rules if Docker is exposing the ports? Docker manipulates the iptables rules, from what I understand, which I think overrides UFW. Like, I have UFW denying everything besides SSH and it all seems to work okay.
I haven’t been doing this very long so just wanted to make sure I wasn’t missing something.
This is correct. Docker uses its own iptables chains. They are connected to the nat table and bypass the INPUT chain. Not sure if UFW actually does something clever about it. I use raw iptables for my firewall.
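The bypass described above can be audited from an `iptables-save` dump. This is an added example, not part of the original posts: it lists ports that Docker DNATs in the nat table's `DOCKER` chain but that have no matching ACCEPT in UFW's `ufw-user-input` chain. The sample dump is constructed and simplified, and only single-port rules are handled.

```python
import shlex

# Constructed sample of `iptables-save` output (simplified, not from a real host).
SAMPLE = """\
*nat
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:80
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 5432 -j DNAT --to-destination 172.17.0.3:5432
COMMIT
*filter
-A INPUT -j ufw-user-input
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
"""

def rules(dump):
    """Yield (table, chain, tokens) for each -A line of an iptables-save dump."""
    table = None
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith("-A "):
            tokens = shlex.split(line)
            yield table, tokens[1], tokens[2:]

def opt(tokens, flag):
    """Value following an option flag, or None if the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens[:-1] else None

def ports(dump, table, chain, target):
    """Map (proto, dport) -> DNAT destination (or None) for matching single-port rules."""
    found = {}
    for tbl, chn, tok in rules(dump):
        dport = opt(tok, "--dport")
        if (tbl, chn, opt(tok, "-j")) == (table, chain, target) and dport and dport.isdigit():
            found[(opt(tok, "-p"), int(dport))] = opt(tok, "--to-destination")
    return found

def published_without_ufw_rule(dump):
    """Docker-published ports (nat/DOCKER DNAT) with no ACCEPT in ufw-user-input."""
    allowed = ports(dump, "filter", "ufw-user-input", "ACCEPT")
    published = ports(dump, "nat", "DOCKER", "DNAT")
    return {key: dest for key, dest in published.items() if key not in allowed}

if __name__ == "__main__":
    for (proto, port), dest in published_without_ufw_rule(SAMPLE).items():
        print(f"{port}/{proto} -> {dest} is published by Docker but has no UFW allow rule")
```

On a real host, pass the output of `iptables-save` (run as root) in place of `SAMPLE`.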
When UFW is enabled, it translates user-friendly UFW commands into iptables rules that are applied to the system. Essentially, UFW acts as a layer on top of iptables, making firewall management easier for users.
Superseding behavior:
When both UFW and iptables are active (which is not a recommended setup), UFW's rules will take precedence because UFW is managing the firewall settings that are eventually passed to iptables. It's best practice to use either UFW or iptables, not both, to avoid conflicts and confusion.
It's for an old Traefik installation. The ipWhiteList middleware in Traefik was renamed to ipAllowList as part of the v2.0 release in October 2019 and now no longer works for v3, if you are using that.