Docker docs:
Docker routes container traffic in the nat table, which means that packets are diverted before it reaches the INPUT and OUTPUT chains that ufw uses. Packets are routed before the firewall rules can be applied, effectively ignoring your firewall configuration.
Explicitly binding certain ports to the container has a similar effect, no?
I still need to allow the ports in my firewall when using podman, even when I bind to 0.0.0.0.
Also when using a rootfull Podman socket?
When running as root, I did not need to add the firewall rule.
Thanks for checking
I haven’t tried rootful since I haven’t had issues with rootless. I’ll have to check on that and get back to you.
It’s better than nothing but I hate the additional logs that came from it constantly fighting firewalld.