What problem will this feature address?
The current security documentation recommends using UFW for firewall protection, but this approach has a flaw.
Docker modifies iptables directly and bypasses UFW rules. This means that ports exposed by Docker containers remain accessible even when UFW rules should block them, creating a false sense of security.
Describe the solution you'd like
Update security recommendations documentation to:
- Clearly warn users about the UFW/Docker iptables bypass issue
- Recommend using ufw-docker for proper firewall protection with Docker
- Provide setup instructions for ufw-docker integration
Describe alternatives you've considered
- Using Docker's built-in firewall options with
--iptables=false: not very good solution, it is likely to break container networking for the Docker Engine
- Manually managing iptables rules: complex and error-prone
- Network-level firewalls
Additional context
Have you considered this security issue in your current documentation? Many users rely on UFW and may not be aware that their Docker containers are exposed despite having UFW rules in place.
I have never used Dokploy, and I only recently came across this project. Before trying it out, I checked the documentation, and honestly, the security recommendations seemed pretty lacking to me. I might be missing something, or maybe I just don't have the full context. Discussion is welcome.
If people think this needs to be improved, I can make a PR later.
What problem will this feature address?
The current security documentation recommends using UFW for firewall protection, but this approach has a flaw.
Docker modifies iptables directly and bypasses UFW rules. This means that ports exposed by Docker containers remain accessible even when UFW rules should block them, creating a false sense of security.
Describe the solution you'd like
Update security recommendations documentation to:
Describe alternatives you've considered
--iptables=false: not very good solution, it is likely to break container networking for the Docker EngineAdditional context
Have you considered this security issue in your current documentation? Many users rely on UFW and may not be aware that their Docker containers are exposed despite having UFW rules in place.
I have never used Dokploy, and I only recently came across this project. Before trying it out, I checked the documentation, and honestly, the security recommendations seemed pretty lacking to me. I might be missing something, or maybe I just don't have the full context. Discussion is welcome.
If people think this needs to be improved, I can make a PR later.