I am using UFW for setting my firewall rules.
But docker keeps overriding them in iptables, opening all ports that have been mapped from the containers to the host.
I want to have access to only two ports of a docker container from outside, but block access to the other docker containers' ports and allow only localhost access to them (after an ssh tunnel).
Any solutions apart from iptables=false?
The simple answer is to skip any iptables changes and publish ports you need to access from localhost to only the loopback interface. E.g.
This would only publish the port 2222 to the 127.0.0.1 interface, and not all interfaces (0.0.0.0).
If you really need to modify the iptables rules in a way that impacts docker containers, use the DOCKER-USER table, as documented by docker, e.g.:
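Added example illustrating both approaches from the answer above (it is not code from the question or the answer's author): a `docker run` line with the two public ports bound to all interfaces and the rest bound to 127.0.0.1, an audit of publish specs for anything still exposed on 0.0.0.0, and the DOCKER-USER rules that only let the published public ports in from the external interface. The image name `example/app`, the interface `eth0` and all port numbers are placeholders; nothing here invokes docker or iptables, the functions only build the commands so they can be reviewed first.

```shell
#!/bin/sh
# Added example; "example/app", "eth0" and the port numbers are placeholders.

# Build `-p` flags bound to all interfaces (0.0.0.0) for ports that must be
# reachable from outside. Input pairs are "HOSTPORT:CONTAINERPORT".
public_publish_flags() {
  out=""
  for pair in "$@"; do
    out="$out -p $pair"
  done
  printf '%s' "${out# }"
}

# Build `-p` flags bound to 127.0.0.1 only: reachable from the host (and via
# an SSH tunnel), not from other machines. Docker still adds DNAT rules, but
# the host-side listener only answers on loopback.
loopback_publish_flags() {
  out=""
  for pair in "$@"; do
    out="$out -p 127.0.0.1:$pair"
  done
  printf '%s' "${out# }"
}

# Print a complete `docker run` line: image, then public pairs, then "--",
# then loopback-only pairs.
docker_run_command() {
  image=$1; shift
  public=""
  while [ "$#" -gt 0 ] && [ "$1" != "--" ]; do
    public="$public $1"; shift
  done
  if [ "$#" -gt 0 ]; then shift; fi   # drop the "--" separator
  printf 'docker run -d %s %s %s' \
    "$(public_publish_flags $public)" "$(loopback_publish_flags "$@")" "$image"
}

# Return 0 if an IPv4 publish spec exposes the port on all interfaces (no
# host IP, or 0.0.0.0), 1 if it is bound to a specific address.
is_world_exposed() {
  case $1 in
    *:*:*) host=${1%%:*}; [ "$host" = "0.0.0.0" ] ;;   # IP:HOSTPORT:CONTAINERPORT
    *) true ;;                                          # HOSTPORT:CONTAINERPORT
  esac
}

# Print, one per line, the publish specs that are open to all interfaces.
# Useful as a check over the specs shown by `docker ps` (constructed input
# is used in the demo below).
audit_publish_specs() {
  for spec in "$@"; do
    if is_world_exposed "$spec"; then echo "$spec"; fi
  done
}

# Print the iptables commands that restrict what reaches containers from the
# external interface $1: only new TCP connections to the listed published
# host ports pass, any other new connection is dropped. DOCKER-USER is
# consulted before Docker's own FORWARD rules. Because publishing is a DNAT
# in the nat table, --dport would already hold the container port here, so
# the rules match the original destination port via conntrack instead.
# `-I` inserts at the top, so the DROP is emitted first and ends up below
# the allow rules when the commands are run in this order.
docker_user_rules() {
  iface=$1; shift
  echo "iptables -I DOCKER-USER -i $iface -m conntrack --ctstate NEW -j DROP"
  for port in "$@"; do
    echo "iptables -I DOCKER-USER -i $iface -p tcp -m conntrack --ctdir ORIGINAL --ctorigdstport $port -j RETURN"
  done
}

# Demonstration with constructed values: 443 and 80 public, ssh and the
# database loopback-only, then the matching DOCKER-USER rules.
docker_run_command example/app 443:443 80:80 -- 2222:22 5432:5432; echo
audit_publish_specs 127.0.0.1:2222:22 8080:80 0.0.0.0:443:443
docker_user_rules eth0 443 80
```

The loopback binding alone already answers the question as asked; the DOCKER-USER rules are only needed if a port must stay published on 0.0.0.0 for some clients while being filtered for everyone else, and they should be made persistent with the distribution's usual iptables save mechanism, since UFW will not manage them.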