Rootless container in Podman and creating a private container registry with Linode
I have been struggling for the past 2 days to get rootless containers working with Ubuntu and UFW enabled. UFW seems to be blocking the traffic to my containers (iptables not being updated???). Everything works fine in Fedora when the same Kubernetes YAML is used and the firewall is enabled. Any input would be appreciated.
2 Replies
Hi @SuperFlea2828!
A system user needs root access to modify iptables directly, so rootless podman can't automatically write iptables rules. You might need to access the host's firewall and open the ports up manually.
Maybe Fedora gives rootless podman special access to firewalld, since podman is a RHEL brainchild? In normal conditions, rootless podman has limitations, but firewall access isn't mentioned.
ufw(8) is just a friendly™ Ubuntu-only front-end for iptables(8). Everything you can do with ufw(8) you can do with iptables(8) directly.
You can turn off iptables(8) and set up firewalld(1) on other distros besides RHEL. firewalld(1) is a supported package on both Debian & Ubuntu. See:
-- sw
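A worked version of the "open the ports up manually" advice above, added here as an example and not posted by anyone in the thread. The point it illustrates: a rootless podman user has no netavark/iptables DNAT rules on the host; a published port is just an ordinary listening socket on the host network namespace, so ufw's default "deny incoming" policy drops the traffic until the host admin runs `ufw allow PORT/PROTO`. (On Fedora Workstation the default FedoraWorkstation firewalld zone already opens tcp and udp ports 1025-65535, which is why the same high published port works there with the firewall on.) The script parses the Ports column of `podman ps` and the text of `ufw status` and prints the rules still missing; both inputs are constructed samples embedded below, so it runs offline. Port numbers, the `ufw_allows`/`missing_ufw_rules` helper names and the sample containers are all assumptions of this example.

```shell
#!/usr/bin/env sh
# Added example (not from the thread): derive the host-side ufw rules a
# rootless podman user needs from the Ports column of `podman ps`, and
# compare them with `ufw status`. The rootless user cannot touch iptables,
# so the printed commands must be run as root on the host.

# Constructed sample of `podman ps --format '{{.Ports}}'` output
# (assumption: one web container on host port 8080/tcp, one on 5353/udp).
SAMPLE_PODMAN_PORTS='0.0.0.0:8080->80/tcp, :::8080->80/tcp
0.0.0.0:5353->53/udp'

# Constructed sample of `ufw status` with only SSH allowed.
SAMPLE_UFW_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)'

# podman_host_ports: stdin = Ports column lines; stdout = unique host-side
# PORT/PROTO entries. The IPv4 and IPv6 (":::8080") bindings collapse into
# one entry, and a port range "8080-8081" becomes ufw's "8080:8081" syntax.
podman_host_ports() {
  tr ',' '\n' \
    | sed -E 's/^[[:space:]]+//' \
    | sed -nE 's#^.*:([0-9]+(-[0-9]+)?)->[0-9]+(-[0-9]+)?/(tcp|udp)$#\1/\4#p' \
    | sed 's/-/:/' \
    | sort -u
}

# ufw_allows PORT/PROTO: succeeds if the `ufw status` text on stdin already
# carries an ALLOW rule for exactly that port/proto (the IPv4 line; the
# "(v6)" twin ufw adds follows it and is not needed for the check).
ufw_allows() {
  grep -qE "^$1[[:space:]]+ALLOW"
}

# missing_ufw_rules PODMAN_PORTS UFW_STATUS: print one `ufw allow` command
# per published port that the firewall does not allow yet.
missing_ufw_rules() {
  printf '%s\n' "$1" | podman_host_ports | while IFS= read -r entry; do
    printf '%s\n' "$2" | ufw_allows "$entry" || printf 'ufw allow %s\n' "$entry"
  done
}

# Stand-alone run: with the samples above this prints
#   ufw allow 5353/udp
#   ufw allow 8080/tcp
missing_ufw_rules "$SAMPLE_PODMAN_PORTS" "$SAMPLE_UFW_STATUS"
```

On a real host, feed it live data with `podman ps --format '{{.Ports}}'` from the rootless user and `sudo ufw status` from root, then run the printed commands as root. After that, `ss -ltnp` (as the rootless user) should show the port held by the rootlessport/pasta process, and `sudo ufw status` should list it as ALLOW; if the port is still unreachable from outside, the problem is not the firewall but the publish mapping itself.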