Ufw Docker

ufw-docker is a network security tool and firewall manager designed to enforce UFW security policies on Docker container traffic. It functions as a Linux firewall orchestrator that modifies routing and filter rules to prevent container traffic from bypassing system firewall policies via iptables.

The tool provides capabilities for isolated port exposure, allowing specific ports or protocols to be opened for containers without exposing them on the host machine. It also manages network subnet security for IPv4 and IPv6 through automatic detection and custom CIDR ranges.

The system includes automation for refreshing firewall rules when container IP addresses change and provides utilities for auditing and verifying active forwarding rules and security configurations.

Features

Firewalls - Ensures Docker container traffic obeys UFW firewall rules instead of bypassing them through iptables routing.

Security Policy Controllers - Implements a system that enforces UFW security policies on Docker container traffic to prevent firewall bypasses via iptables.

Firewall-Enforced Routing - Routes container traffic through the firewall to prevent network traffic from bypassing system security rules.

Interface-Level Packet Filtering - Intercepts network traffic at the host interface level to prevent containers from bypassing system security rules.

Isolated Container Port Exposures - Provides a mechanism to expose specific container ports or protocols while preventing them from being accessible on the host machine.

CIDR-Based - Automatically detects container network ranges to apply security policies based on CIDR blocks.

Container Network Filtering - Defines and enforces security policies on network traffic entering and leaving Docker containers.

Container Traffic Filters - Manages permitted IPv4 and IPv6 subnets and enables exposing specific container ports without host-level exposure.

Docker Firewall Managers - Enforces UFW security policies on Docker container traffic to prevent the bypass of iptables rules.

Bypass Prevention - Ensures container traffic obeys default security policies instead of using direct routing to bypass the firewall.

Network Security Tools - Modifies routing and filter rules to ensure container network traffic obeys system firewall policies.

Network Traffic Filtering - Ensures container network traffic is filtered and adheres to default system security policies.

Forwarding Chain Modifications - Inserts custom routing rules into the iptables forwarding chain to force container traffic through firewall filters.

Firewall Rule Auditing - Lists and verifies active forwarding rules and container configurations to ensure security settings are applied correctly.

Container Subnet Management - Manages network subnet security for IPv4 and IPv6 through automatic detection and custom CIDR ranges for containers.

Configuration Auditing - Validates active forwarding rules against current container configurations to ensure security policy compliance.

Firewall Orchestrators - Automates firewall reloads and synchronizes security rules across a cluster of container hosts.

Automatic Rule Refreshers - Automatically refreshes firewall rules whenever container IP addresses change following a restart.

Rule Automation - Automatically updates UFW firewall rules when Docker containers restart or change IP addresses.

Status Verification - Lists active filters and forwarding rules for specific containers to verify their current security state.

chaifengufw-docker

Features

Star history