add ufw doc
This commit is contained in:
Victor Vieux
parent
a7ace535c3
commit
7d0b8c726c
1 changed files with 34 additions and 0 deletions
|
|
@ -19,6 +19,8 @@ Docker has the following dependencies
|
|||
* Linux kernel 3.8 (read more about :ref:`kernel`)
|
||||
* AUFS file system support (we are working on BTRFS support as an alternative)
|
||||
|
||||
Please read :ref:`ufw`, if you plan to use `UFW (Uncomplicated Firewall) <https://help.ubuntu.com/community/UFW>`_
|
||||
|
||||
.. _ubuntu_precise:
|
||||
|
||||
Ubuntu Precise 12.04 (LTS) (64-bit)
|
||||
|
|
@ -135,3 +137,35 @@ Verify it worked
|
|||
|
||||
|
||||
**Done!**, now continue with the :ref:`hello_world` example.
|
||||
|
||||
|
||||
.. _ufw:
|
||||
|
||||
Docker and UFW
|
||||
^^^^^^^^^^^^^^
|
||||
|
||||
Docker uses a bridge to manage containers networking, by default UFW drop all `forwarding`, a first step is to enable forwarding:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
sudo nano /etc/default/ufw
|
||||
----
|
||||
# Change:
|
||||
# DEFAULT_FORWARD_POLICY="DROP"
|
||||
# to
|
||||
DEFAULT_FORWARD_POLICY="ACCEPT"
|
||||
|
||||
Then reload UFW:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
sudo ufw reload
|
||||
|
||||
|
||||
UFW's default set of rules denied all `incoming`, so if you want to be able to reach your containers from another host,
|
||||
you should allow incoming connexions on the docker port (default 4243):
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
sudo ufw allow 4243/tcp
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue