Local firewall isn't working


#1

Issue Summary

The local firewall isn’t working, since redashes docker setup rewrites the entire iptables configuration thus overriding whatever is blocked in UFW resulting in the local firewall having absolutely no effect what so over. I am not familiar with docker so struggling with this.
Any ideas on how to fix this ?

Thanks in advance!

Technical details:

  • Redash Version: v6.0.0
  • Browser/OS: Any Browser But I am using Safari and Google Chrome
  • How did you install Redash: using setup script

#2

Apparently docker doesn’t play well with any firewall solution (UFW, etc).

So, the general approach - if you need to keep on using UFW - is to tell the docker daemon not to touch the firewall. The --iptables=false option to the docker daemon should do that.

You’ll then need to use your firewall solution (UFW) to construct appropriate rules for the setup accordingly. No idea what that’d look like though, I’m only starting to try out Redash now myself too. :wink:


#3

thanks Justin, this is something that we are looking at --iptables=false option, found an interesting article on this
https://www.mkubaczyk.com/2017/09/05/force-docker-not-bypass-ufw-rules-ubuntu-16-04/. Will post on how we manage to solve this.


#4

Thanks Viktoria, please do. :slight_smile:

Depending on where you’re deploying this stuff, you might have other options too.

For example, if you’re deploying this in a cloud environment (AWS, Scaleway, etc), then you may be able to lock things down (firewall wise) using host/security groups there.

That way, you could can let docker have it’s way with the firewall on the docker host machine, and not need to run UFW on it directly. Instead, you configure the host group / firewall in the cloud environment, and the cloud provider (AWS, Scaleway, etc) locks down the firewall ports using their network / hosting configuration tools.

That may not fit your scenario, but it’s an option to be aware of. :slight_smile: