How to run Docker with CSF firewall

When running Docker on a server with CSF firewall, you may face network connection errors because the iptables rules added by Docker get replaced by CSF.

If your Docker installation exposes its services only on localhost, which CSF skips by default, you can make the following change. It makes CSF skip the docker0 interface as well, so connections between Docker and localhost are not affected by CSF. To expose a service to the public, you can use a reverse proxy like Nginx.

Edit csf.conf

vi /etc/csf/csf.conf 

Find

ETH_DEVICE_SKIP = ""

Replace with

ETH_DEVICE_SKIP = "docker0"

Restart CSF

csf -r
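
The same edit as a script, added here as an example and not part of the original post. ETH_DEVICE_SKIP is a comma-separated list, so the hypothetical helper add_skip_device appends docker0 to whatever is already there instead of overwriting it, and leaves a backup beside the file (the .bak name is an assumption).

```shell
#!/bin/sh
# Added example: idempotently add an interface to ETH_DEVICE_SKIP in csf.conf.
# On a real host, as root:
#   add_skip_device /etc/csf/csf.conf docker0 && csf -r

# Print the current ETH_DEVICE_SKIP value (empty string if nothing is skipped).
get_skip_devices() {
    sed -n 's/^ETH_DEVICE_SKIP[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
        head -n 1
}

# add_skip_device <conf-file> <interface>
add_skip_device() {
    conf=$1
    dev=$2

    # Refuse names that could break the sed expression below.
    case $dev in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface name: $dev" >&2; return 1 ;;
    esac

    grep -q '^ETH_DEVICE_SKIP[[:space:]]*=' "$conf" || {
        echo "ETH_DEVICE_SKIP not found in $conf" >&2
        return 1
    }

    current=$(get_skip_devices "$conf")

    # Already listed: leave the file untouched.
    case ",$current," in
        *",$dev,"*) return 0 ;;
    esac

    if [ -n "$current" ]; then new="$current,$dev"; else new="$dev"; fi

    cp -p "$conf" "$conf.bak" || return 1       # backup before editing
    tmp=$(mktemp) || return 1
    sed "s/^ETH_DEVICE_SKIP[[:space:]]*=.*/ETH_DEVICE_SKIP = \"$new\"/" \
        "$conf" > "$tmp" && cat "$tmp" > "$conf" # keeps owner and mode of conf
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Run csf -r afterwards, as in the step above, so the new value takes effect.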
