When running Docker on a server with the CSF firewall, you may face network connection errors because the iptables rules added by Docker get replaced by CSF.
If your Docker installation exposes its service to localhost, which CSF skips by default, you can do the following. It makes CSF skip the docker0 interface as well, so the connection between Docker and localhost won't be affected by the CSF firewall. To expose the service to the public, you can use a reverse proxy like Nginx.
Edit csf.conf
vi /etc/csf/csf.conf
Find
ETH_DEVICE_SKIP = ""
Replace with
ETH_DEVICE_SKIP = "docker0"
Restart CSF
csf -r
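The edit above assumes ETH_DEVICE_SKIP is empty. As an added example (not from the original post), the shell functions below, with the hypothetical names csf_skip_value and csf_skip_iface, append docker0 to the comma-separated list while keeping interfaces that are already listed and saving a .bak copy; the demo runs on a constructed file, not on /etc/csf/csf.conf.

```shell
#!/bin/sh
# Added example: idempotently add an interface to ETH_DEVICE_SKIP.
# Function names are hypothetical; they are not part of CSF.

# Print the current value between the quotes (last assignment wins).
csf_skip_value() {
    sed -nE 's/^[[:space:]]*ETH_DEVICE_SKIP[[:space:]]*=[[:space:]]*"([^"]*)".*$/\1/p' "$1" | tail -n 1
}

# csf_skip_iface <conf-file> <iface>
csf_skip_iface() {
    conf=$1
    iface=$2
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    # Refuse names that could break the sed expression below.
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 2 ;;
    esac
    grep -Eq '^[[:space:]]*ETH_DEVICE_SKIP[[:space:]]*=[[:space:]]*"' "$conf" ||
        { echo "ETH_DEVICE_SKIP not found in $conf" >&2; return 3; }
    cur=$(csf_skip_value "$conf")
    # Nothing to do if the interface is already in the list.
    case ",$cur," in
        *",$iface,"*) return 0 ;;
    esac
    if [ -z "$cur" ]; then new=$iface; else new="$cur,$iface"; fi
    # Keep a backup, then rewrite only the ETH_DEVICE_SKIP line.
    cp -p "$conf" "$conf.bak" || return 4
    sed -E "s|^([[:space:]]*ETH_DEVICE_SKIP[[:space:]]*=[[:space:]]*)\"[^\"]*\"|\1\"$new\"|" \
        "$conf.bak" > "$conf"
}

# Demo on a constructed fragment (not a real csf.conf).
demo=$(mktemp)
printf '%s\n' 'TESTING = "0"' 'ETH_DEVICE_SKIP = "tun0"' > "$demo"
csf_skip_iface "$demo" docker0
grep ETH_DEVICE_SKIP "$demo"
rm -f "$demo" "$demo.bak"
```

On a real server, pass /etc/csf/csf.conf as the first argument and then restart CSF with csf -r.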