Given that I configured UFW like so
ufw default deny incoming
ufw default deny outgoing
and just allowed certain ports for outgoing and incoming connections. It works fine, except when connecting between different interfaces on the same machine, e.g. the interface created for Docker's bridged network. (I haven't actually checked any other interfaces yet.)
For example, I have a Docker container:
docker run --network some-net -p 127.0.0.1:50100:80 image-name
Now I can't establish a connection to the container, as it times out with the message:
$ curl localhost:50100
curl: (56) Recv failure: Connection reset by peer
I can unlock the connection either by changing my outgoing policy to allow, or by adding a rule to allow output connections from a specific interface:
ufw allow out on br-03a38c6b9c51
UFW configuration is as follows:
DEFAULT_INPUT_POLICY="DROP"
DEFAULT_OUTPUT_POLICY="DROP"
DEFAULT_FORWARD_POLICY="ACCEPT"
DEFAULT_APPLICATION_POLICY="SKIP"
I already tried adding --iptables=false to the Docker options in order to rule out that it is caused by the rules Docker creates when initializing a network.
There is no problem calling any external hosts from the container once its port is opened in the UFW rules.
Thanks for any ideas.
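As an added illustration (not part of the question above), here is a small POSIX shell audit for exactly the situation described: a default-deny outgoing policy combined with Docker bridge interfaces that have no ALLOW OUT rule. The ufw status text and the interface list are constructed samples, and br-deadbeef0001 is a hypothetical second bridge with no rule.

```shell
#!/bin/sh
# Added audit helper (not from the original question): given the text of
# `ufw status verbose` and a list of Docker bridge interface names, report
# which bridges have no ALLOW OUT rule while the default outgoing policy
# is deny. The status output below is constructed for illustration.

SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), allow (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW OUT   Anywhere
Anywhere on br-03a38c6b9c51 ALLOW OUT   Anywhere'

# On a real host the bridge names would come from:
#   ip -o link show type bridge | awk -F': ' '{print $2}'
# br-deadbeef0001 is a constructed second bridge that has no rule.
SAMPLE_BRIDGES='br-03a38c6b9c51 br-deadbeef0001'

# Print the default outgoing policy word ("deny" or "allow").
default_out_policy() {
    printf '%s\n' "$1" | sed -n 's/^Default: .*, \([a-z]*\) (outgoing).*/\1/p'
}

# Print, one per line, the bridges lacking an "on <iface> ALLOW OUT" rule.
bridges_without_allow_out() {
    status="$1"
    for br in $2; do
        if ! printf '%s\n' "$status" | grep -Eq "on ${br}[[:space:]]+ALLOW OUT"; then
            printf '%s\n' "$br"
        fi
    done
}

# Human-readable summary: only meaningful when outgoing traffic is denied
# by default, because that is what blocks host-to-container connections.
audit() {
    if [ "$(default_out_policy "$1")" != deny ]; then
        echo "default outgoing policy is not deny; bridges are not affected"
        return 0
    fi
    for br in $(bridges_without_allow_out "$1" "$2"); do
        echo "no ALLOW OUT rule for $br (would need: ufw allow out on $br)"
    done
}

audit "$SAMPLE_STATUS" "$SAMPLE_BRIDGES"
```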