Skip to content

Docker bypasses UFW firewall rules - security documentation needs update #102

Description

@Clasyc

What problem will this feature address?

The current security documentation recommends using UFW for firewall protection, but this approach has a flaw.

Docker modifies iptables directly and bypasses UFW rules. This means that ports exposed by Docker containers remain accessible even when UFW rules should block them, creating a false sense of security.

Describe the solution you'd like

Update security recommendations documentation to:

  • Clearly warn users about the UFW/Docker iptables bypass issue
  • Recommend using ufw-docker for proper firewall protection with Docker
  • Provide setup instructions for ufw-docker integration

Describe alternatives you've considered

  • Using Docker's built-in firewall options with --iptables=false: not very good solution, it is likely to break container networking for the Docker Engine
  • Manually managing iptables rules: complex and error-prone
  • Network-level firewalls

Additional context

Have you considered this security issue in your current documentation? Many users rely on UFW and may not be aware that their Docker containers are exposed despite having UFW rules in place.

I have never used Dokploy, and I only recently came across this project. Before trying it out, I checked the documentation, and honestly, the security recommendations seemed pretty lacking to me. I might be missing something, or maybe I just don't have the full context. Discussion is welcome.

If people think this needs to be improved, I can make a PR later.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions