Where is /etc/default/docker in the Docker snap?

Hi everyone,

I just started experimenting with Docker and am now trying the snap version. Currently Docker doesn’t respect UFW unless you add the following line to /etc/default/docker

DOCKER_OPTS="--iptables=false"

However I can’t for my life find out where this config file lives in a snappy world.

More info: https://www.techrepublic.com/article/how-to-fix-the-docker-and-ufw-security-flaw/

There is not a /etc/default/docker file for the snap, but you can edit the daemon.json to include the iptables key i.e.

{
    "log-level":        "error",
    "storage-driver":   "overlay2",
    "iptables": false
}

however this will have other side effects and as such is not recommended by the upstream docker docs:

It is possible to set the iptables key to false in the Docker engine’s configuration file at /etc/docker/daemon.json, but this option is not appropriate for most users. It is not possible to completely prevent Docker from creating iptables rules, and creating them after-the-fact is extremely involved and beyond the scope of these instructions. Setting iptables to false will more than likely break container networking for the Docker engine.

Thanks for your fast reply and sorry for my slow one 🙂 After reading up on this I will take your advice and not mess with Docker’s iptables. It seems more trouble than it’s worth.

This isn’t working for me. If I try it exactly as you have it (no quotation marks around the false), Docker continues its firewall misbehavior, while if I put quotation marks (“false”) Docker fails to start.

Rebooting seems to have resolved the issue. No quotation marks around false is indeed correct but sadly it seems it requires a reboot.

You will definitely need to restart docker, something like snap restart docker should do the trick next time.
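
A check for the quoting problem reported above, as an added example that is not from any poster in this thread: it parses the text of a daemon.json and flags an iptables value given as a string or pasted with typographic quotes. The function name and messages are this example's own, and the file path is passed by the caller because the thread does not state where the snap keeps daemon.json.

```python
import json
import sys

# Expected JSON types for the three keys shown in the thread's daemon.json.
EXPECTED = {
    "log-level": (str, "string"),
    "storage-driver": (str, "string"),
    "iptables": (bool, "boolean (true or false, no quotation marks)"),
}


def check_daemon_json(text):
    """Return (errors, notes) for the text of a daemon.json file."""
    try:
        config = json.loads(text)
    except json.JSONDecodeError as exc:
        # Curly quotes copied from a web page are not JSON string delimiters.
        if "\u201c" in text or "\u201d" in text:
            return (['typographic quotes found; JSON needs plain " characters'], [])
        return ([f"invalid JSON at line {exc.lineno}: {exc.msg}"], [])
    if not isinstance(config, dict):
        return (["top level must be a JSON object"], [])

    errors, notes = [], []
    for key, (py_type, json_name) in EXPECTED.items():
        # Exact type comparison: bool is a subclass of int in Python.
        if key in config and type(config[key]) is not py_type:
            errors.append(f'"{key}" must be a JSON {json_name}, '
                          f"got {json.dumps(config[key])}")
    if config.get("iptables") is False:
        notes.append("iptables is false: the Docker docs quoted in the thread "
                     "warn this is likely to break container networking; "
                     "restart the daemon to apply it")
    return (errors, notes)


if __name__ == "__main__":
    # Path is supplied by the caller (assumption: a readable daemon.json).
    with open(sys.argv[1], encoding="utf-8") as handle:
        found_errors, found_notes = check_daemon_json(handle.read())
    for line in found_errors + found_notes:
        print(line)
    sys.exit(1 if found_errors else 0)
```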