podman_ufw
**1. `ufw default allow routed` (Forwarding)**
* **What it does:** Sets the default policy for routed (forwarded) traffic to allow, so packets can pass *through* the host.
* **Why you need it:** This is what allows the container to **reach the internet**. Without this, your container wouldn't have been able to `ping 8.8.8.8`.

**2. `ufw allow from <podman_subnet>` (Input)**
* **What it does:** Allows traffic from the Podman subnet to stop *at* the host, i.e. packets addressed to the host itself.
* **Why you need it:** This allows the container to **talk to the host machine itself**. Because Podman runs its internal DNS server (`aardvark-dns`) directly on the host's gateway interface (e.g., `10.89.0.1`), the container needs permission to talk to the host to resolve domain names.
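
Both rules above are broad: the first opens forwarding for all routed traffic, the second opens every host port to the container subnet. The script below is an added example, not part of the original note, that goes one step further and prints narrower equivalents for a single Podman network. Assumptions: the `podman network inspect` sample is constructed, `appnet`, `podman1` and `eth0` are placeholder names, and `aardvark-dns` is taken to listen on its default port 53.

```shell
#!/usr/bin/env bash
# Prints ufw commands scoped to one Podman network; nothing is applied.

# Constructed sample of `podman network inspect <name>` output.
SAMPLE_INSPECT='[
  {
    "name": "appnet",
    "network_interface": "podman1",
    "subnets": [
      { "subnet": "10.89.0.0/24", "gateway": "10.89.0.1" }
    ],
    "dns_enabled": true
  }
]'

# json_field KEY: first string value of KEY in the JSON on stdin.
json_field() {
  sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# ufw_rules_for INSPECT_JSON [UPLINK_IF]: emit rules, or return 1 on odd input.
ufw_rules_for() {
  local json uplink subnet gateway bridge
  json=$1
  uplink=${2:-eth0}   # assumed name of the host's outbound interface
  subnet=$(printf '%s\n' "$json" | json_field subnet)
  gateway=$(printf '%s\n' "$json" | json_field gateway)
  bridge=$(printf '%s\n' "$json" | json_field network_interface)
  # Accept only a plain IPv4 CIDR, IPv4 address and interface names, so a
  # malformed value never ends up inside a firewall command.
  printf '%s\n' "$subnet"  | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
  printf '%s\n' "$gateway" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  printf '%s\n' "$bridge"  | grep -Eq '^[A-Za-z0-9_.-]{1,15}$' || return 1
  printf '%s\n' "$uplink"  | grep -Eq '^[A-Za-z0-9_.-]{1,15}$' || return 1
  # Forwarding: this bridge out to the uplink only, not all routed traffic.
  echo "ufw route allow in on $bridge out on $uplink from $subnet"
  # Input: DNS to aardvark-dns on the gateway only (port 53 is assumed).
  if printf '%s\n' "$json" | grep -Eq '"dns_enabled"[[:space:]]*:[[:space:]]*true'; then
    echo "ufw allow in on $bridge from $subnet to $gateway port 53 proto udp"
    echo "ufw allow in on $bridge from $subnet to $gateway port 53 proto tcp"
  fi
}

ufw_rules_for "$SAMPLE_INSPECT" eth0
```

On a real host, pass the output of `podman network inspect <name>` as the first argument and review the printed commands before running them as root.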