Why isn't UFW blocking my PostgreSQL service running in a Docker container?

Linode Staff

I've set UFW to allow only 22, 80, and 443. Why is my PostgreSQL container still accessible?

1 Reply

UFW and nmap can sometimes have a discrepancy in which ports they show as open, as stated in this StackExchange post. With Docker, though, it's also worth noting that Docker makes changes directly to iptables. UFW is a wrapper program for iptables, so if iptables is directly changed, your UFW output will differ from the output of services like nmap. Use of the -p flag (to publish services to ports) with your Docker containers will result in these ports being shown as open. Something you may want to try if you want to continue using -p is to edit your /etc/docker/daemon.json file so that it does not affect iptables.


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct