It has some weird behaviour, for example ufw rules don't apply to Docker.
This is not insecure. It is surprising if you don’t know how containers work, but in a real deployment you’d only bind to localhost and use a reverse proxy and that is perfectly safe.
Not insecure? Here is an old blog post about it: https://blog.viktorpetersson.com/2014/11/03/the-dangers-of-ufw-docker.html By the way, Docker also had/has Google DNS as a fallback, so the moment your DNS servers fail to respond Docker uses Google, which is not very privacy friendly.
As I said, this is surprising if you don't know how containers work. This is similar to how e.g. virtual machine networking would trip you up. As long as you know how to set things up properly, which is documented at length, Docker is not "insecure".
You are saying that if one installs containers or VMs with Qemu or VirtualBox or OpenVZ or LXC or Kubernetes or VMware, these technologies will all punch holes to the outside by default despite the iptables setup of the host machine?
So-called “bridged networking” is not the default for VirtualBox but it is recommended for Qemu, yes. In that case only the routing rules on the bridge apply, not the filtering rules on your host’s interface.
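The practical takeaway from the exchange above is the "bind to localhost" advice: a port published with `-p 8080:80` is bound to `0.0.0.0` (and `::` when IPv6 is enabled), and Docker's own DNAT/FORWARD rules handle that traffic before the host's `INPUT` chain, which is where ufw puts its rules. The script below is an added example written for this page, not code from any of the commenters or from the Docker project. It audits the `Ports` column of `docker ps` for containers published on all interfaces; the sample input is constructed here in the same format `docker ps --format '{{.Names}}\t{{.Ports}}'` emits, so the block runs without a daemon. The function names `audit_port_bindings` and `exposed_count` are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread above: flag published container ports
# that are bound to all interfaces and therefore reachable from outside
# regardless of ufw/INPUT rules on the host.
#
# Live usage (names and ports from the real daemon):
#   docker ps --format '{{.Names}}\t{{.Ports}}' | audit_port_bindings
#
# Input: two tab-separated columns, container name and the Ports column.
# Output: one line per published port, "EXPOSED" or "ok", name, mapping.
audit_port_bindings() {
    awk -F '\t' '
    {
        name = $1
        n = split($2, ports, ", ")
        for (i = 1; i <= n; i++) {
            p = ports[i]
            # Only published ports have the "host:port->container/proto" shape;
            # a bare "6379/tcp" is an EXPOSE with no host binding, so skip it.
            if (p !~ /->/) continue
            split(p, parts, "->")
            host = parts[1]
            # 0.0.0.0 / :: / [::] are the "all interfaces" bindings Docker
            # uses when -p is given without an explicit host address.
            if (host ~ /^0\.0\.0\.0:/ || host ~ /^:::/ || host ~ /^\[::\]:/) {
                printf "EXPOSED\t%s\t%s\n", name, p
            } else {
                printf "ok\t%s\t%s\n", name, p
            }
        }
    }'
}

# Convenience wrapper: number of exposed mappings in the input on stdin.
exposed_count() {
    audit_port_bindings | grep -c '^EXPOSED' || true
}

# Constructed sample in the docker ps output format (not captured from a
# real host): "web" was started with -p 8080:80, "db" with
# -p 127.0.0.1:5432:5432, "cache" only EXPOSEs 6379 without publishing it.
SAMPLE_PS="$(printf 'web\t0.0.0.0:8080->80/tcp, :::8080->80/tcp\ndb\t127.0.0.1:5432->5432/tcp\ncache\t6379/tcp\n')"

# Stand-alone run: prints two EXPOSED lines for web and one ok line for db.
printf '%s\n' "$SAMPLE_PS" | audit_port_bindings
```

Anything reported as `EXPOSED` should be republished as `-p 127.0.0.1:8080:80` and fronted by the reverse proxy, or the daemon's default publish address changed to loopback with `"ip": "127.0.0.1"` in `/etc/docker/daemon.json`. If you do want host-level filtering of container traffic, the Docker documentation's supported place for it is the `DOCKER-USER` iptables chain, which Docker evaluates before its own rules; rules in `INPUT` (where ufw operates) are not consulted for forwarded container traffic.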