From 45f04e322a84432a3fb3c8f235ccf2ce026ba8d8 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol <lpoujol@evolix.fr>
Date: Wed, 12 Jan 2022 12:04:56 +0100
Subject: [PATCH] Add warning on port opening for docker

---
 README.md         | 9 +++++++++
 minifirewall.conf | 3 +++
 2 files changed, 12 insertions(+)

diff --git a/README.md b/README.md
index 97e78cd..678ac5a 100644
--- a/README.md
+++ b/README.md
@@ -26,6 +26,15 @@ Edit /etc/default/minifirewall file:
 * Configure your authorizations for external services : DNS, HTTP, HTTPS, SMTP, SSH, NTP
 * Add your specific rules
 
+### Docker
+
+To use minifirewall with docker you need to change the variable *DOCKER* from _off_ to _on_
+Then, authorisation for public/semi-public/private ports will also work for dockerized services
+
+
+**WARNING** : When the port mapping on the host is different than in the container (ie: listen on :8090 on the host, but the service in the container listen on :8080)
+you need to use the port used by the container (ie: 8080) in the public/semi-public/private port list
+
 ## Usage
 
 ~~~
diff --git a/minifirewall.conf b/minifirewall.conf
index f5548fc..7dc39c1 100644
--- a/minifirewall.conf
+++ b/minifirewall.conf
@@ -12,6 +12,9 @@ IPV6=on
 # For instance, turning it on will disable nat table purge
 # Also, we'll add the DOCKER-USER chain, in iptable
 DOCKER='off'
+# WARNING : If the port mapping is different between host and container
+# (ie: Listen on :8090 on host but :8080 in container)
+# Then you need to makes the rules with the port used inside the container
 
 # Trusted IPv4 local network
 # ...will be often IP/32 if you don't trust anything