podman ignores/bypasses firewall rules
Environment
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
- podman
Issue
- podman ignores/bypasses firewall rules
- A container is reachable on a published port even though that port has not been added to the firewall (firewalld)
Resolution
- This is recognized as contrary to some expectations of how the system firewall should act, but the current behavior matches docker
- A JIRA issue has been raised to track potential improvements, most likely an opt-in configuration option that would require the admin to explicitly add the port to firewalld before podman forwards it
Root Cause
- This is intended behavior in podman. Rootful podman opens every published (forwarded) port fully through the firewall so that traffic is forwarded to the container as soon as it is created
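A defender-side check for this behavior, added here as an example (not from the Red Hat article or the podman project): it compares the ports that podman's DNAT rules forward, parsed from `iptables -t nat -S` style output, against what `firewall-cmd --list-ports` reports, and lists any forward that firewalld does not explicitly open. The rule text and chain names below are constructed for the example (modelled on the CNI portmap chain); netavark-based hosts use other chain names, but the parser keys only on `-j DNAT` and `--dport`.

```shell
#!/bin/bash
# Added example: find published ports that podman forwards through DNAT
# but that are not opened in firewalld. Pure text processing, so it runs
# offline; the sample inputs at the bottom are constructed, not captured.

# Extract "port/proto" entries from `iptables -t nat -S` style output:
# any rule that jumps to DNAT and matches --dport is a published port.
dnat_ports() {
    awk '/-j DNAT/ && /--dport/ {
        proto = ""; port = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
        }
        if (proto != "" && port != "") print port "/" proto
    }' | sort -u
}

# Normalise `firewall-cmd --list-ports` output ("8080/tcp 53/udp") to one entry per line.
firewalld_ports() {
    tr ' ' '\n' | sed '/^$/d' | sort -u
}

# Print each forwarded port that the firewalld port list does not contain.
# $1 = nat rules text, $2 = firewalld port list text
unlisted_forwards() {
    printf '%s\n' "$1" | dnat_ports | while read -r entry; do
        printf '%s\n' "$2" | firewalld_ports | grep -qxF "$entry" || printf '%s\n' "$entry"
    done
}

# Constructed sample: two published containers, only one port opened in firewalld.
# Chain names are modelled on the CNI portmap plugin; netavark names differ.
SAMPLE_NAT='-A PREROUTING -m addrtype --dst-type LOCAL -j CNI-HOSTPORT-DNAT
-A CNI-HOSTPORT-DNAT -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.88.0.2:80
-A CNI-HOSTPORT-DNAT -p udp -m udp --dport 5353 -j DNAT --to-destination 10.88.0.3:53'
SAMPLE_FW='8080/tcp'

# Prints "5353/udp": forwarded by podman, never added to firewalld.
unlisted_forwards "$SAMPLE_NAT" "$SAMPLE_FW"
# On a real host (as root): unlisted_forwards "$(iptables -t nat -S)" "$(firewall-cmd --list-ports)"
```

An empty result means every port podman forwards is also declared in firewalld, which is the state an admin would want to audit toward until the opt-in option mentioned above exists.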
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.