whalewall
ufw-docker-automated
whalewall | ufw-docker-automated | |
---|---|---|
6 | 6 | |
185 | 194 | |
- | - | |
7.8 | 1.8 | |
7 days ago | 7 months ago | |
Go | Go | |
BSD 3-clause "New" or "Revised" License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
whalewall
-
Docker developers discuss changes in how ports are to be forwarded into containers
It took me a long time to notice this issue, and I've found this as a possible solution. Working on deploying it, and will see how it goes.
-
Self hosted security recommendations
Look into ufw (or iptables/nftables if you want to go deeper) to restrict outbound network access. Note though that Docker containers won't respect host firewall rules by default, so I created whalewall to easily manage container firewall rules: https://github.com/capnspacehook/whalewall
- Any experience with ufw-docker?
- Whalewall v0.2.0 released
- Whalewall – Easily mange firewall rules for Docker containers
-
Whalewall - easily manage firewall rules for Docker containers
I recently found out that Docker containers ignore any host-based firewall rules by default and wanted a solution to restrict container traffic. This weekend I finally finished a project to do just that: https://github.com/capnspacehook/whalewall
ufw-docker-automated
-
Docker developers discuss changes in how ports are to be forwarded into containers
I know it looks daunting, but it's just putting ufw-style rules into your docker-compose files. There are other solutions like ufw docker automated , but they seem even more annoying to setup.
-
Securing a VPS running docker
Or this for a more automated one: https://github.com/shinebayar-g/ufw-docker-automated
-
Stay safe with Docker and firewall
This is nothing new and a known issue for a very long time with docker and ufw and easily sorted by using this workaround.
-
Docker overrides UFW rules
Known issue for years but this and this helps.
-
A Docker footgun led to a vandal deleting NewsBlur's MongoDB database
Luckily it was about as hardened as regular ftp can be, but I noticed the problem when my service wasn't able to log in as the (very low) connection limit was filled by someone attempting passwords.
I've been using https://github.com/shinebayar-g/ufw-docker-automated to make docker compliant with UFW, and defining firewall rules as labels for the containers.
-
Checklist for hardening a linux VPS?
I found this script, but haven't had the time to try it.
What are some alternatives?
trafficjam - A Docker firewall for your reverse proxy network
ufw-docker - To fix the Docker and UFW security flaw without disabling iptables
pfDeploy - Deploy your pf configuration in a FreeBSD VM.
opensnitch - OpenSnitch is a GNU/Linux application firewall
JShielder - Hardening Script for Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark
Moby - The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
How-To-Secure-A-Linux-Server - An evolving how-to guide for securing a Linux server.
hub - Main repository for crowdsec scenarios/parsers
iptables-docker - A bash solution for docker and iptables conflict
debian_bridge - CLI utility to run .deb packages on non-debian distros using docker