I just tried out Docker. It is awesome but seems not to work nicely with ufw. By default, docker will manipulate the iptables a little bit. The outcome is not a bug but not wha
I don't like the operational overhead required by the iptables: false flag in docker daemon. In fact, from what I see, and please correct me if I am wrong, all the solutions are way too complicated hacks.
Just insert this in /etc/ufw/after.rules, before the *filter section:
*mangle
# Allow a whitelisted ip to access postgres port
-I PREROUTING 1 -s <whitelisted-ip> -p tcp --dport 5432 -j ACCEPT
# Allow everyone to access port 8080
-I PREROUTING 2 -p tcp --dport 8080 -j ACCEPT
# Drop everything else
-I PREROUTING 3 -p tcp -j DROP
COMMIT
There is no need to mess with docker networking or with unnecessary hacks.
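Added example, not part of the original answer: a small first-match evaluator for the mangle PREROUTING rules above, run over constructed packets, to check what the section accepts or drops before it is loaded. The address 203.0.113.10 stands in for the whitelisted IP, which the page does not give. The sample packets and the function names are assumptions, and only `-s`, `-p` and `--dport` matches are modelled (no connection state).

```python
import ipaddress
import shlex

# Constructed copy of the section above; 203.0.113.10 is a stand-in source address.
RULES_TEXT = """\
*mangle
-I PREROUTING 1 -s 203.0.113.10 -p tcp --dport 5432 -j ACCEPT
-I PREROUTING 2 -p tcp --dport 8080 -j ACCEPT
-I PREROUTING 3 -p tcp -j DROP
COMMIT
"""

def parse_rules(text, chain="PREROUTING"):
    """Return the chain's rules in evaluation order, honouring -I positions."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) < 3 or tok[0] != "-I" or tok[1] != chain:
            continue  # table header, COMMIT, comments, other chains
        opts = dict(zip(tok[3::2], tok[4::2]))  # option/value pairs after the position
        rule = {
            "src": ipaddress.ip_network(opts["-s"]) if "-s" in opts else None,
            "proto": opts.get("-p"),
            "dport": int(opts["--dport"]) if "--dport" in opts else None,
            "target": opts["-j"],
        }
        rules.insert(int(tok[2]) - 1, rule)  # -I positions are 1-based
    return rules

def verdict(rules, src, proto, dport, policy="ACCEPT"):
    """First matching rule wins; unmatched packets fall through to the chain policy."""
    for r in rules:
        if ((r["src"] is None or ipaddress.ip_address(src) in r["src"])
                and r["proto"] in (None, proto)
                and r["dport"] in (None, dport)):
            return r["target"]
    return policy

# Constructed sample packets: (description, source, protocol, destination port)
SAMPLES = [
    ("whitelisted host to postgres", "203.0.113.10", "tcp", 5432),
    ("other host to postgres", "198.51.100.7", "tcp", 5432),
    ("SSH to the host", "198.51.100.7", "tcp", 22),
    ("reply to an outbound connection (ephemeral dport)", "198.51.100.7", "tcp", 50000),
]

if __name__ == "__main__":
    for desc, src, proto, dport in SAMPLES:
        print(f"{verdict(parse_rules(RULES_TEXT), src, proto, dport):6}  {desc}")
```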