podman_ufw.md
**1. `ufw default allow routed` (Forwarding)**
* Allows traffic to pass *through* the host.
* This is what allows the container to **reach the internet**. Without this, your container wouldn't have been able to `ping 8.8.8.8`.

**2. `ufw allow from <podman_subnet>` (Input)**
* Allows traffic to stop *at* the host.
* This allows the container to **talk to the host machine itself**. Because Podman runs its internal DNS server (`aardvark-dns`) directly on the host's gateway interface (e.g., `10.89.0.1`), the container needs permission to talk to the host to resolve domain names.
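
The two rules above can also be generated per network, either as written or narrowed to the traffic they are meant to permit. The following is an added example, not part of the original note: it builds the `ufw` commands from `podman network inspect` style JSON and does not run them. The sample JSON is constructed, and the scoped variant assumes `aardvark-dns` listens on its default port 53 and only serves networks with `dns_enabled` set.

```python
import ipaddress
import json

# Constructed sample shaped like `podman network inspect` output
# (netavark backend); not captured from a real host.
SAMPLE_INSPECT = """
[
  {"name": "appnet", "network_interface": "podman1", "dns_enabled": true,
   "subnets": [{"subnet": "10.89.0.0/24", "gateway": "10.89.0.1"}]},
  {"name": "podman", "network_interface": "podman0", "dns_enabled": false,
   "subnets": [{"subnet": "10.88.0.0/16", "gateway": "10.88.0.1"}]}
]
"""

DNS_PORT = 53  # assumption: aardvark-dns on its default port


def ufw_rules(inspect_json, scoped=True):
    """Return ufw commands for each Podman network in the inspect output.

    scoped=False reproduces the note's two rules; scoped=True narrows them.
    """
    cmds = []
    if not scoped:
        cmds.append("ufw default allow routed")
    for net in json.loads(inspect_json):
        for entry in net.get("subnets", []):
            subnet = ipaddress.ip_network(entry["subnet"])  # rejects malformed CIDR
            gateway = ipaddress.ip_address(entry["gateway"])
            if gateway not in subnet:
                raise ValueError(f"{gateway} is outside {subnet} ({net['name']})")
            if not scoped:
                cmds.append(f"ufw allow from {subnet}")
                continue
            # Forwarding: only this subnet may be routed through the host.
            cmds.append(f"ufw route allow from {subnet}")
            # Input: only DNS to the gateway, and only if aardvark-dns serves it.
            if net.get("dns_enabled"):
                for proto in ("udp", "tcp"):
                    cmds.append(f"ufw allow from {subnet} to {gateway} "
                                f"port {DNS_PORT} proto {proto}")
    return cmds


if __name__ == "__main__":
    for scoped in (False, True):
        print("# scoped" if scoped else "# as in the note")
        print("\n".join(ufw_rules(SAMPLE_INSPECT, scoped)))
```

With the scoped output, `ufw default allow routed` is not needed, so forwarding for other interfaces stays under ufw's default routed policy.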