The problem is:
On a server that has several interfaces (loopback, eth0 with a public IP, and several Docker virtual interfaces), I wanted to use UFW to deny all incoming traffic on eth0 for ports other than the ones that I specify.
To start I tried:
ufw deny in on eth0 from any to any
which got me the following status:
root@debian:~# ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 2222/tcp                   ALLOW IN    Anywhere
[ 4] Anywhere on eth0           DENY IN     Anywhere
[ 5] 22/tcp                     ALLOW IN    Anywhere (v6)
[ 6] 80/tcp                     ALLOW IN    Anywhere (v6)
[ 7] 2222/tcp                   ALLOW IN    Anywhere (v6)
[ 8] Anywhere (v6) on eth0      DENY IN     Anywhere (v6)
Which looks good but doesn't work.
I also tried: ufw deny proto tcp from any
Although that's probably not what I want, because it might block connections within linked Docker containers.
So, I'm thinking that either the raw rules have an error in them, or iptables is somehow not enabled at all (?! is that possible??).
So, for the first case, the output of ufw show raw can be found here: http://pastebin.com/ABwVnx0S (I put it there because it is too big for ServerFault).
What is wrong with this?
Thanks!
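To reason about what the listed rule set should do, here is an added example (not part of the question) that parses the `ufw status numbered` output quoted above and applies UFW's first-match evaluation order to a few sample packets; it assumes the rule table shown is the only thing deciding the verdict, and the input text is constructed from the question.

```python
import re

# Constructed from the `ufw status numbered` output quoted in the question.
UFW_STATUS = """\
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 2222/tcp                   ALLOW IN    Anywhere
[ 4] Anywhere on eth0           DENY IN     Anywhere
[ 5] 22/tcp                     ALLOW IN    Anywhere (v6)
[ 6] 80/tcp                     ALLOW IN    Anywhere (v6)
[ 7] 2222/tcp                   ALLOW IN    Anywhere (v6)
[ 8] Anywhere (v6) on eth0      DENY IN     Anywhere (v6)
"""

# "[ n] <To column>   <ACTION> IN   <From column>"
RULE_RE = re.compile(r"\[\s*(\d+)\]\s+(.+?)\s{2,}(ALLOW|DENY|REJECT|LIMIT) IN\s+(.+)$")


def parse_rules(text):
    """Turn the numbered status listing into a list of rule dicts, in order."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        num, to, action, frm = m.groups()
        m_if = re.search(r" on (\S+)", to)          # "... on eth0" -> interface match
        m_pp = re.match(r"(\d+)/(tcp|udp)", to)     # "22/tcp" -> port/proto match
        rules.append({
            "num": int(num),
            "v6": "(v6)" in to or "(v6)" in frm,
            "iface": m_if.group(1) if m_if else None,   # None = any interface
            "port": int(m_pp.group(1)) if m_pp else None,  # None = any port
            "proto": m_pp.group(2) if m_pp else None,
            "action": action,
        })
    return rules


def first_match(rules, iface, proto, port, v6=False):
    """Return (rule number, action) of the first matching rule; (None, 'DEFAULT')
    means no user rule matched and the default incoming policy decides."""
    for r in rules:
        if r["v6"] != v6:
            continue
        if r["iface"] is not None and r["iface"] != iface:
            continue
        if r["port"] is not None and (r["port"], r["proto"]) != (port, proto):
            continue
        return r["num"], r["action"]
    return None, "DEFAULT"
```

Run against the question's table, port 22 on eth0 hits rule 1 (ALLOW), any other port on eth0 hits rule 4 (DENY), and traffic arriving on a Docker interface matches no user rule and falls through to the default policy; the model only covers the rules UFW lists, not anything else present in the iptables tables.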