How to run docker with csf firewall
When running docker on a server with CSF firewall, you may face network connection error because iptables rules added by docker getting replaced by CSF firewall.
If your docker installation is exposing service to localhost, which is skipped by CSF firewall by default, you can do the following, which will skip the docker0 interface also, so the connection between docker and localhost won’t be affected by CSF firewall. To expose the service to the public, you can use a reverse proxy like Nginx.
Edit csf.conf
|
1 |
vi /etc/csf/csf.conf |
Find
|
1 |
ETH_DEVICE_SKIP = "" |
Replace with
|
1 |
ETH_DEVICE_SKIP = "docker0" |
Restart CSF
|
1 |
csf -r |