Pi-hole on VPS running in a docker container with UFW

sander_kerkhoff · March 10, 2023, 3:33pm

Expected Behaviour:

I am running Pihole in a docker container on a debian 11 VPS system. This vps is wide open to the internet, so my pihole is an open dns resolver. Now i am trying to block all access to the vps with UFW, and only allow my home ip access. In a normal (not docker install) iw always worked, but for some reason docker install is still accessible as for instance SSH on 2929 is blocked.
Does docker overrule UFW or something like that?

Actual Behaviour:

pi-hole still accessible from other ips, ufw not blocking
Also portainer is still acessible from other ips:

**Anywhere ALLOW 45.x.x.x (my ip)
80/tcp DENY Anywhere
DNS DENY Anywhere
9000 DENY Anywhere
80/tcp (v6) DENY Anywhere (v6)
DNS (v6) DENY Anywhere (v6)
9000 (v6) DENY Anywhere (v6)
**

Debug Token:

chrislph · March 10, 2023, 3:35pm

Best to take Pi-hole offline while you work it out to prevent possible abuse.

sander_kerkhoff · March 10, 2023, 3:48pm

Yes, it's offline

DanSchaper · March 10, 2023, 7:10pm

Yes, docker has it's own iptables chains. Docker and UFW is kind of notorious for being a difficult configuration. There's a number of guides on out there, what works for you may not work for others and what works for others may not work for you.

sander_kerkhoff · March 10, 2023, 7:33pm

Ok, clear
What else can i use then as firewall?
Or does docker effect all firewalls like ufw

DanSchaper · March 10, 2023, 8:03pm

Good questions, I don't have any answer for them.

system · March 31, 2023, 8:04pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.