Rootless container in Podman and creating a private container registry with Linode

I have been struggling for the past 2 days to get rootless containers working with Ubuntu and UFW enabled. UFW seems to be blocking the traffic to my containers (iptables not being updated?). Everything works fine in Fedora when the same Kubernetes YAML is used and the firewall is enabled. Any input would be appreciated.


Hi @SuperFlea2828!

A system user needs root access to modify iptables directly, so rootless podman can't automatically write iptables rules. Might need to access the host's firewall and open the ports up manually.
Maybe Fedora gives rootless podman special access to firewalld, since podman is a RHEL brainchild? In normal conditions, rootless podman has limitations, but firewall access isn't mentioned.

ufw(8) is just a friendly™ Ubuntu-only front-end for iptables(8). Everything you can do with ufw(8) you can do with iptables(8) directly.

You can turn off iptables(8) and set up firewalld(1) on other distros besides RHEL. firewalld(1) is a supported package on both Debian & Ubuntu. See:

https://firewalld.org

-- sw
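The reply above says the host firewall has to be opened manually because rootless podman cannot write iptables rules itself. The script below is an added example, not code from the thread or from the podman or ufw projects: it turns each `-p` publish spec you would pass to `podman run` into the matching `ufw allow` rule for the host side of the mapping, and only executes the rules when `APPLY=1` is set, since `ufw` needs root. The port mappings at the bottom are constructed for illustration; bracketed IPv6 host addresses and port ranges are deliberately rejected rather than guessed at.

```sh
#!/bin/sh
# Added example: derive the host-firewall (ufw) rules that rootless podman's
# published ports need. Rootless podman runs without root, so it cannot add
# iptables rules for you; an administrator has to open the *host* port of each
# mapping. Mappings below are assumed values, not from the original thread.

# Turn one podman `-p` publish spec into the ufw rule that opens its host side.
# Accepted forms: hostPort:containerPort, hostIP:hostPort:containerPort,
# optionally followed by /tcp or /udp (tcp is the default, as in podman).
# A bare containerPort (podman picks a random host port), a bracketed IPv6
# host address and a port range are rejected instead of being guessed.
ufw_rule_for_publish() {
    spec=$1
    proto=tcp
    case $spec in
        */udp) proto=udp; spec=${spec%/udp} ;;
        */tcp) spec=${spec%/tcp} ;;
        */*)   echo "unsupported protocol in '$1'" >&2; return 1 ;;
    esac
    case $spec in
        '['*)  echo "IPv6 host address in '$1' not handled here" >&2; return 1 ;;
        *:*:*) host_ip=${spec%%:*}; spec=${spec#*:}; host_port=${spec%%:*} ;;
        *:*)   host_ip=""; host_port=${spec%%:*} ;;
        *)     echo "'$1' has no host port; podman would pick a random one" >&2; return 1 ;;
    esac
    case $host_port in
        ''|*[!0-9]*) echo "bad host port in '$1' (ranges not handled)" >&2; return 1 ;;
    esac
    if [ -z "$host_ip" ]; then
        echo "ufw allow $host_port/$proto"
    else
        # Only open the port on the address podman actually binds to.
        echo "ufw allow to $host_ip port $host_port proto $proto"
    fi
}

# Print, or with APPLY=1 run, the rules for a set of publish specs.
# Returns non-zero if any spec could not be translated.
open_published_ports() {
    status=0
    for spec in "$@"; do
        rule=$(ufw_rule_for_publish "$spec") || { status=1; continue; }
        if [ "${APPLY:-0}" = 1 ]; then
            sudo $rule          # word-splitting of $rule is intended
        else
            echo "would run: sudo $rule"
        fi
    done
    return $status
}

# Constructed example mappings (same syntax as `podman run -p ...`):
open_published_ports 8080:80 127.0.0.1:5353:53/udp 8443:443/tcp
```

Run it once without `APPLY` to review the rules, then with `APPLY=1` to add them; `sudo ufw status` should then list each host port, and `ss -ltnp` on the host should show podman's port forwarder bound to that port before you test from outside.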
