Add warning on port opening for docker

2022-01-12 12:04:56 +01:00 · 2022-01-12 12:04:56 +01:00 · 45f04e322a
parent 9898ff9e62
commit 45f04e322a
2 changed files with 12 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -26,6 +26,15 @@ Edit /etc/default/minifirewall file:
 * Configure your authorizations for external services : DNS, HTTP, HTTPS, SMTP, SSH, NTP
 * Add your specific rules

+### Docker
+
+To use minifirewall with docker you need to change the variable *DOCKER* from _off_ to _on_
+Then, authorisation for public/semi-public/private ports will also work for dockerized services
+
+
+**WARNING** : When the port mapping on the host is different than in the container (ie: listen on :8090 on the host, but the service in the container listen on :8080)
+you need to use the port used by the container (ie: 8080) in the public/semi-public/private port list
+
 ## Usage

 ~~~
--- a/minifirewall.conf
+++ b/minifirewall.conf
@ -12,6 +12,9 @@ IPV6=on
 # For instance, turning it on will disable nat table purge
 # Also, we'll add the DOCKER-USER chain, in iptable
 DOCKER='off'
+# WARNING : If the port mapping is different between host and container
+# (ie: Listen on :8090 on host but :8080 in container)
+# Then you need to makes the rules with the port used inside the container

 # Trusted IPv4 local network
 # ...will be often IP/32 if you don't trust anything