I am trying Docker with a simple web app:
docker run -d -v $(pwd):/app -p 8080:80 image_name
I have Docker listening on 8080:
tcp6 0 0 :::8080 :::* LISTEN 13304/docker
So I can test my web app through localhost:8080.
I use iptables with UFW and I deny incoming traffic except on ports 80, 443 and 22.
But surprisingly, if I do a netcat from the Internet to my machine on port 8080, I can access my web app!!
Docker must do something special, because if I start socat like this:
socat TCP6-LISTEN:8080 TCP4:www.google.fr:80
I see:
tcp6 0 0 :::8080 :::* LISTEN 11577/socat
But this time I can't connect from the outside... UFW does its job...
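
Added example, not part of the original post: Docker publishes a port by adding DNAT rules to its own DOCKER chain in the nat table, so packets for the container pass through FORWARD rather than the INPUT chain where UFW's deny rules sit. The script below parses iptables-save output and reports published ports outside the 22/80/443 policy from the post; the sample rules, container addresses and function names are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the post): find ports Docker publishes via DNAT
# that the host policy from the post (22, 80, 443) does not allow.

# Constructed sample of `iptables-save -t nat` output. The 8080 rule matches
# the post's -p 8080:80; addresses and the other two rules are assumptions.
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:80
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.17.0.3:443
-A DOCKER -d 127.0.0.1/32 ! -i docker0 -p tcp -m tcp --dport 9000 -j DNAT --to-destination 172.17.0.4:9000
COMMIT'

# Read iptables-save text on stdin and print "proto/port" for each DNAT rule
# in the DOCKER chain. Rules limited to a loopback destination are skipped,
# since they are not reachable from other hosts.
docker_published_ports() {
    awk '$1 == "-A" && $2 == "DOCKER" && /-j DNAT/ {
        proto = ""; port = ""; loopback = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-d" && $(i + 1) ~ /^127\./) loopback = 1
        }
        if (!loopback && proto != "" && port != "") print proto "/" port
    }'
}

# Filter "proto/port" lines on stdin down to those whose port is not in the
# space-separated allow list passed as $1.
unexpected_ports() {
    allowed=" $1 "
    while IFS=/ read -r proto port; do
        case "$allowed" in
            *" $port "*) ;;                 # covered by the firewall policy
            *) echo "$proto/$port" ;;       # published but not in the policy
        esac
    done
}

# On a live host, replace the printf with: iptables-save -t nat
audit_sample() {
    printf '%s\n' "$SAMPLE_NAT" | docker_published_ports | unexpected_ports "22 80 443"
}

audit_sample
```

Publishing with -p 127.0.0.1:8080:80 binds the port to loopback only, which is why the check treats loopback-only rules as not exposed.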