...
Warning |
---|
Make sure to change the password or better remove the default ubuntu account generated by the lxc creation script before making the container accessible to the Internet. |
UFW
UFW in the Host
UFW is a great simple firewall, but at this point I do not recommend installing on your host if you intend to use port forwarding as there may be conflicts. Second, port forwarding using UFW is overly complex and seems like a hack versus it being very simple with IP Tables.
If you insist on using UFW, make sure to change the setting to not drop forwarded packets. I will revisit this later as I do like UFW. Perhaps I can ask the developers to make port forwarding more straight-forward.
UFW in a Container
Also, firewalls work at the kernel level. So you should not be installing UFW or even IP Tables inside of a container.
I will revisit this topic but believe it is due to modules not loading inside of containers /etc/modules and the container not being able to modify it.
Code Block | ||
---|---|---|
| ||
sudo ufw allow 22
ERROR: initcaps
[Errno 2] modprobe: ERROR: ../libkmod/libkmod.c:556 kmod_search_moddep() could not open moddep file '/lib/modules/3.13.0-57-generic/modules.dep.bin'
ip6tables v1.4.21: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded. |
Trying to enable UFW inside of a container results in a a kernel needs to be upgraded error.
Port Forwarding using IP Tables
...