I use nftables to set my firewall rules. I typically manually configure the rules myself. Recently, I just happened to dump the ruleset, and, much to my surprise, my config was gone, and it was replaced with an enourmous amount of extremely cryptic firewall rules. After a quick examination of the rules, I found that it was Docker that had modified them. And after some brief research, I found a number of open issues, just like this one, of people complaining about this behaviour. I think it’s an enourmous security risk to have Docker silently do this by default.

I have heard that Podman doesn’t suffer from this issue, as it is daemonless. If that is true, I will certainly be switching from Docker to Podman.

  • SLaSZT@kbin.social
    link
    fedilink
    arrow-up
    16
    ·
    8 months ago

    I just set it up last week, it works exceptionally well.

    Did you also install podman-docker, make sure that the podman socket was running, and verify that the socket directory referenced in the config files was correct?

    Those are the 3 things that I got a bit stuck on. In the end, I RTFM and all was well.