...
I actually use both techniques together.
UFW
UFW in the Host
UFW is a great, simple firewall, but at this point I do not recommend installing it on your host. First, port forwarding is overly complex and seems like a hack, whereas it is very simple with iptables.
If you insist on using UFW, make sure to change the setting so that it does not drop forwarded packets. I will revisit this later, as I do like UFW. Perhaps I can ask the developers to make port forwarding more straightforward.
UFW in a Container
Also, firewalls, as I understand it, work at the kernel level. So you should not be installing UFW or even iptables inside of a container for now. Again, I will revisit this topic, but I believe it is due to modules not loading inside of containers (/etc/modules) and the container not being able to modify it.
```
sudo ufw allow 22
ERROR: initcaps
[Errno 2] modprobe: ERROR: ../libkmod/libkmod.c:556 kmod_search_moddep() could not open moddep file '/lib/modules/3.13.0-57-generic/modules.dep.bin'
ip6tables v1.4.21: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
```
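The error output above names two conditions: the `modules.dep.bin` file for the running kernel cannot be opened, and the `filter` table is not available to ip6tables. The following is an added example, not part of the original page, that checks both before you try to install a firewall in a container. The function name `check_fw_prereqs` and its `ROOT` argument are hypothetical; it assumes the legacy iptables backend, which lists loaded tables in `/proc/net/ip_tables_names` and `/proc/net/ip6_tables_names` (usually readable only by root).

```shell
#!/bin/sh
# Added example: check the two conditions named in the ufw error output.
#
# check_fw_prereqs [ROOT] [KREL]
#   ROOT  filesystem root to inspect (default "/"); hypothetical parameter
#         so the check can also be pointed at a container rootfs or a
#         constructed test tree
#   KREL  kernel release to look up (default: output of `uname -r`)
# Prints one line per check; returns 0 if all pass, 1 otherwise.
check_fw_prereqs() {
    root="${1:-/}"
    krel="${2:-$(uname -r)}"
    rc=0

    # 1. modprobe needs modules.dep.bin for the *running* kernel. A container
    #    shares the host kernel but usually has no /lib/modules tree for it.
    moddep="${root%/}/lib/modules/$krel/modules.dep.bin"
    if [ -r "$moddep" ]; then
        echo "ok: $moddep is readable"
    else
        echo "missing: $moddep (modprobe cannot resolve modules here)"
        rc=1
    fi

    # 2. The filter table must already be registered in the kernel for
    #    both IPv4 and IPv6, since it cannot be loaded on demand from here.
    #    Assumption: legacy iptables backend; these files need root to read.
    for f in ip_tables_names ip6_tables_names; do
        names="${root%/}/proc/net/$f"
        if [ -r "$names" ] && grep -qx 'filter' "$names"; then
            echo "ok: filter table listed in $names"
        else
            echo "missing: filter table not listed in $names"
            rc=1
        fi
    done

    return "$rc"
}

# Typical use inside the container, as root:
#   check_fw_prereqs || echo "manage firewall rules on the host instead"
```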
...