adien revised this gist
1 file changed, 4 insertions, 4 deletions
podman_ufw.md
| @@ -1,7 +1,7 @@ | |||
| 1 | 1 | **1. `ufw default allow routed` (Forwarding)** | |
| 2 | - | * **What it does:** Allows traffic to pass *through* the host. | |
| 3 | - | * **Why you need it:** This is what allows the container to **reach the internet**. Without this, your container wouldn't have been able to `ping 8.8.8.8`. | |
| 2 | + | * Allows traffic to pass *through* the host. | |
| 3 | + | * This is what allows the container to **reach the internet**. Without this, your container wouldn't have been able to `ping 8.8.8.8`. | |
| 4 | 4 | ||
| 5 | 5 | **2. `ufw allow from <podman_subnet>` (Input)** | |
| 6 | - | * **What it does:** Allows traffic to stop *at* the host. | |
| 7 | - | * **Why you need it:** This allows the container to **talk to the host machine itself**. Because Podman runs its internal DNS server (`aardvark-dns`) directly on the host's gateway interface (e.g., `10.89.0.1`), the container needs permission to talk to the host to resolve domain names. | |
| 6 | + | * Allows traffic to stop *at* the host. | |
| 7 | + | * This allows the container to **talk to the host machine itself**. Because Podman runs its internal DNS server (`aardvark-dns`) directly on the host's gateway interface (e.g., `10.89.0.1`), the container needs permission to talk to the host to resolve domain names. | |
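Review bot: In item 1 (new lines 2-3), the text says `ufw default allow routed` lets traffic pass through the host, but it does not say that, as a default policy, this applies to all forwarded traffic and not only the container's. State that in the bullet, and consider documenting a scoped alternative such as `ufw route allow from <podman_subnet>` so the routed default does not have to be changed. Dropping the "What it does" / "Why you need it" labels also leaves nothing to distinguish effect from rationale in the two bullets under each item; a short lead word on each would keep that distinction.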
adien revised this gist
1 file changed, 0 insertions, 0 deletions
podman_ufw renamed to podman_ufw.md
File renamed without changes
adien revised this gist
1 file changed, 7 insertions
podman_ufw (file created)
| @@ -0,0 +1,7 @@ | |||
| 1 | + | **1. `ufw default allow routed` (Forwarding)** | |
| 2 | + | * **What it does:** Allows traffic to pass *through* the host. | |
| 3 | + | * **Why you need it:** This is what allows the container to **reach the internet**. Without this, your container wouldn't have been able to `ping 8.8.8.8`. | |
| 4 | + | ||
| 5 | + | **2. `ufw allow from <podman_subnet>` (Input)** | |
| 6 | + | * **What it does:** Allows traffic to stop *at* the host. | |
| 7 | + | * **Why you need it:** This allows the container to **talk to the host machine itself**. Because Podman runs its internal DNS server (`aardvark-dns`) directly on the host's gateway interface (e.g., `10.89.0.1`), the container needs permission to talk to the host to resolve domain names. | |
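Review bot: In item 2 (line 7), the stated need is only DNS resolution against `aardvark-dns` on the gateway address, yet `ufw allow from <podman_subnet>` as written admits container traffic to every port on the host. Consider narrowing the rule to the gateway address and the DNS port, for example `ufw allow from <podman_subnet> to 10.89.0.1 port 53` (assuming `aardvark-dns` listens on the standard DNS port), or say in the bullet that the broader rule is intentional.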