8

I have a 12.04.4 server, and I have enabled ufw, and have tried to block port 8080. However, it is still open.

$ sudo ufw deny 8080
Rule added
Rule added (v6)

$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    Anywhere
[ 2] 80                         ALLOW IN    Anywhere
[ 3] 8080                       DENY IN     Anywhere
[ 4] 22                         ALLOW IN    Anywhere (v6)
[ 5] 80                         ALLOW IN    Anywhere (v6)
[ 6] 8080                       DENY IN     Anywhere (v6)

Thoughts? I can still access the website that is on 8080. I have rebooted the system several times. The IP address is handled via static assignment, but I can't find anything that would indicate that that is the problem.

The service I'm trying to block is on a docker instance; however, this question did not help.

jrg
  • 60,611

3 Answers

4

The docker template that I am using is for Discourse. I solved it by editing the containers/app.yml file to include this under the 'expose' section:

 - "127.0.0.1:20080:80"

This means that it routes port 20080 on 127.0.0.1 to port 80 on the docker instance, thus removing the need entirely for a ufw rule.

Seth
  • 58,122
jrg
  • 60,611
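
An added example, not part of the original answer or of Discourse's own code: a small audit that parses publish specs such as the ones in the 'expose' section and reports which of them are bound to something other than loopback. It assumes each entry follows Docker's `[host_ip:]host_port:container_port[/proto]` publish syntax and that Docker's default bind address (all interfaces) is in effect; the names `parse_publish`, `is_loopback_only`, `audit` and the sample list are hypothetical.

```python
import ipaddress

# Constructed sample entries; only "127.0.0.1:20080:80" comes from the answer above.
SAMPLE_EXPOSE = ["8080:80", "127.0.0.1:20080:80", "0.0.0.0:2222:22/tcp", "[::1]:8443:443"]

def parse_publish(spec):
    """Split '[host_ip:]host_port:container_port[/proto]' into its four fields."""
    spec, _, proto = spec.strip().partition("/")
    host_ip = None
    if spec.startswith("["):                      # bracketed IPv6 host address
        addr, sep, rest = spec[1:].partition("]:")
        if not sep:
            raise ValueError(f"malformed IPv6 publish spec: {spec!r}")
        host_ip, parts = addr, rest.split(":")
    else:
        parts = spec.split(":")
        if len(parts) == 3:                       # ip:host_port:container_port
            host_ip, parts = parts[0], parts[1:]
    if len(parts) == 1:                           # container port only
        host_port, container_port = "", parts[0]
    elif len(parts) == 2:
        host_port, container_port = parts
    else:
        raise ValueError(f"unrecognised publish spec: {spec!r}")
    return host_ip or None, host_port, container_port, proto or "tcp"

def is_loopback_only(spec):
    """True when the published port is bound to a loopback address only."""
    host_ip = parse_publish(spec)[0]
    if host_ip is None:
        return False      # no host IP given: Docker binds all interfaces by default
    return ipaddress.ip_address(host_ip).is_loopback

def audit(specs):
    """Return the specs that other hosts may be able to reach."""
    return [s for s in specs if not is_loopback_only(s)]

if __name__ == "__main__":
    for spec in SAMPLE_EXPOSE:
        verdict = "loopback only" if is_loopback_only(spec) else "reachable from other hosts"
        print(f"{spec:24} {verdict}")
```

Entries the audit reports are the ones to rebind to 127.0.0.1 (behind a local reverse proxy, as in the answer) or to filter explicitly.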
1

I tested it.

When I entered the command sudo ufw deny 80, I could connect to myself, but other hosts could not.

I suggest you try to connect from a host other than your own.

xiaodongjie
  • 2,824
  • Aha, I wondered if that could be it. – Seth Apr 24 '14 at 17:00
  • I'm ssh'ed into the server on the other side of the country, and I'm successfully accessing the system from my local web browser. – jrg Apr 24 '14 at 17:07
0

The iptables docker rules are evaluated after the ufw ones. I wanted to restrict all IPs except one (of a VPN server) and I found the better solution in the docker documentation.