Integration with UCS/Firewall
From Univention Wiki
In the default setting, all incoming ports are blocked by the UCS firewall. univention-firewall is a set of rules for iptables.
The Firewall for Docker Apps
Docker Containers have access to the Docker Host and the outside world via these variables in the ini file:
This will make port 9900 and port 80 of the Docker Container available on the Docker Host and for external clients. Port 80 inside the container is accessible as port 9911 outside!
- This will also build up an implicit conflict list against other Apps that want to use these ports!
As described in Integration with UCS/Database, the ports for MySQL and Postgres are opened for the Docker Container automatically if specified in the ini file:
A web interface on port, say, 8080, needs to be specified in the ini file:
WebInterfacePortHTTP=8080
PortsExclusive=8080
AutoModProxy=False
Configuring the Firewall
Every App can provide rules that open the ports it requires. In this example, port 6644 is opened for TCP and UDP. This is done in the join script:
univention-config-registry set \
    security/packetfilter/package/"$APP"/tcp/6644/all="ACCEPT" \
    security/packetfilter/package/"$APP"/tcp/6644/all/en="$APP" \
    security/packetfilter/package/"$APP"/udp/6644/all="ACCEPT" \
    security/packetfilter/package/"$APP"/udp/6644/all/en="$APP"
[ -x "/etc/init.d/univention-firewall" ] && invoke-rc.d univention-firewall restart
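Because every App can open ports through these variables, it is worth reviewing which ones are actually set to ACCEPT. The following is an added example, not part of the original wiki page or of UCS itself: it parses a dump of the security/packetfilter/package/ variables and lists each opened port per App. The "key: value" input format, the function names and the sample app names are assumptions, and only single port numbers are handled.

```shell
#!/bin/sh
# Added example: report ports opened through app-provided packetfilter variables.
# Assumption: input is one "key: value" line per UCR variable.

# Constructed sample data; "myapp" and "otherapp" are hypothetical app names.
sample_ucr_dump() {
    cat <<'EOF'
security/packetfilter/package/myapp/tcp/6644/all: ACCEPT
security/packetfilter/package/myapp/tcp/6644/all/en: myapp
security/packetfilter/package/myapp/udp/6644/all: ACCEPT
security/packetfilter/package/myapp/udp/6644/all/en: myapp
security/packetfilter/package/otherapp/tcp/8080/all: ACCEPT
security/packetfilter/package/otherapp/tcp/99999/all: ACCEPT
security/packetfilter/package/otherapp/tcp/22/all: DROP
EOF
}

# Print "app proto port" for each ACCEPT rule that applies to all addresses.
# Description keys (.../all/en) are ignored; malformed entries go to stderr.
list_open_ports() {
    prefix="security/packetfilter/package/"
    while IFS= read -r line; do
        key=${line%%: *}
        value=${line#*: }
        case "$key" in
            "$prefix"*/all) ;;
            *) continue ;;
        esac
        [ "$value" = "ACCEPT" ] || continue
        rest=${key#"$prefix"}
        app=${rest%%/*};   rest=${rest#*/}
        proto=${rest%%/*}; rest=${rest#*/}
        port=${rest%%/*}
        valid=yes
        [ "$rest" = "$port/all" ] || valid=no
        case "$proto" in tcp|udp) ;; *) valid=no ;; esac
        # Reject empty, non-numeric, or over-long (6+ digit) port fields.
        case "$port" in ''|*[!0-9]*|??????*) valid=no ;; esac
        if [ "$valid" = yes ] && { [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; }; then
            valid=no
        fi
        if [ "$valid" = yes ]; then
            printf '%s %s %s\n' "$app" "$proto" "$port"
        else
            printf 'skipped malformed rule: %s\n' "$key" >&2
        fi
    done
}

sample_ucr_dump | list_open_ports
```

On a UCS system, the sample function would be replaced by a dump of the real variables piped into list_open_ports, and the result compared against the ports each App is expected to need.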