Where is /etc/default/docker in the Docker snap?

Hi everyone,

I just started experimenting with Docker and am now trying the snap version. Currently Docker doesn’t respect UFW unless you add following line to /etc/default/docker


However I can’t for my life find out where this config file lives in a snappy world.

More info: https://www.techrepublic.com/article/how-to-fix-the-docker-and-ufw-security-flaw/

There is not a /etc/default/docker file for the snap, but you can edit the daemon.json to include the iptables key i.e.

    "log-level":        "error",
    "storage-driver":   "overlay2",
    "iptables": false

however this will have other side effects and as such is not recommended by the upstream docker docs:

It is possible to set the iptables key to false in the Docker engine’s configuration file at /etc/docker/daemon.json , but this option is not appropriate for most users. It is not possible to completely prevent Docker from creating iptables rules, and creating them after-the-fact is extremely involved and beyond the scope of these instructions. Setting iptables to false will more than likely break container networking for the Docker engine.

Thanks for your fast reply and sorry for my slow one :slight_smile: After reading up on this I will take your advice and not mess with Dockers iptables. It seems more trouble than its worth.

This isn’t working for me. If I try it exactly as you have it (no quotation marks around the false), Docker continues its firewall misbehavior, while if I put quotation marks (“false”) Docker fails to start.

Rebooting seems to have resolved the issue. No quotation marks around false is indeed correct but sadly it seems it requires a reboot.

You will definitely need to restart docker, something like snap restart docker should do the trick next time.