I had to restore my homelab and took the opportunity to move from docker to rootless podman quadlets. Well almost full rootless, I kept pi-hole and caddy at the root level because I did not want to deal with sysctl.

I have everything running but for now I have to disable my firewall. With docker I was using this script: https://github.com/chaifeng/ufw-docker But I’m having a hard time finding an alternative for podman.

Do you know of any scripts that would magically fix podman and ufw? Would it be a better solution for me to manage iptables manually?

My needs are pretty simple as I do not really care if the ports are visible on my private network, I just want to allow specific IPs on port 80 and 443.

  • azron@lemmy.ml (↑1, 52 minutes ago)

    What expected problems did podman end up surprising you with? Is the software more stable and not constantly updated like docker? I want to move to podman at some point as well and I understand for a lot of cases it is just “drop in” but I run a lot of containers and I’m skeptical it’ll be that simple.

    Especially with software distros like home assistant and matrix both explicitly pushing you to official docker due to some features.

  • giacomo@lemm.ee (↑1, 1 hour ago)

    I too am on the docker to podman quadlet train! I switched from an Ubuntu server running docker to a pretty stock ucore server with podman.

    I put all my containers in a podman network. I’m using nginx proxy manager with inside ports 80, 81, and 443 mapped to 9080, 9081, and 9443 to keep the container rootless. I have the firewall configured with port forwarding 80, 81, and 443 back to 9080, 9081, and 9443.

    ucore is from the universal blue project and based on fedora’s coreos, so it comes with firewalld instead of ufw.
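A concrete version of the pattern described in this reply (publish on unprivileged host ports, let firewalld forward 80/443 to them), written as an added example rather than giacomo's actual setup: it assumes a Caddy image as the proxy, host ports 9080/9443, and the constructed range 192.0.2.0/24 as the only clients allowed to reach the forwarded ports.

```shell
#!/bin/sh
# Added example (not from the thread). Rootless quadlet + firewalld forward.
# Placeholders: the image, the 192.0.2.0/24 client range, host ports 9080/9443.
set -eu

HTTP_HOST=9080              # host-side unprivileged port for container :80
HTTPS_HOST=9443             # host-side unprivileged port for container :443
ALLOWED_SRC="192.0.2.0/24"  # constructed placeholder: clients allowed in

# Quadlet unit text for ~/.config/containers/systemd/proxy.container.
# No sysctl is needed because the host side binds only ports >= 1024.
quadlet_unit() {
  cat <<EOF
[Unit]
Description=Reverse proxy (rootless quadlet)

[Container]
Image=docker.io/library/caddy:latest
PublishPort=${HTTP_HOST}:80
PublishPort=${HTTPS_HOST}:443

[Install]
WantedBy=default.target
EOF
}

# firewalld rich rule: forward a public port to the high host port, but only
# for ALLOWED_SRC; everyone else is dropped by the zone's default policy.
# $1 = public port, $2 = host port the rootless container is published on.
rich_rule() {
  printf 'rule family="ipv4" source address="%s" forward-port port="%s" protocol="tcp" to-port="%s"' \
    "$ALLOWED_SRC" "$1" "$2"
}

apply_firewall() {
  sudo firewall-cmd --permanent --add-rich-rule="$(rich_rule 80 "$HTTP_HOST")"
  sudo firewall-cmd --permanent --add-rich-rule="$(rich_rule 443 "$HTTPS_HOST")"
  sudo firewall-cmd --reload
}

install_unit() {
  mkdir -p "$HOME/.config/containers/systemd"
  quadlet_unit > "$HOME/.config/containers/systemd/proxy.container"
  systemctl --user daemon-reload
  systemctl --user start proxy.service
}

# Nothing is changed unless the script is invoked as: ./proxy-setup.sh apply
if [ "${1:-}" = "apply" ]; then install_unit; apply_firewall; fi
```

Check the result with `firewall-cmd --list-rich-rules` and `systemctl --user status proxy.service`; a client outside the range should time out on 80/443 while a client inside it is redirected to the rootless container.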

  • nis@feddit.dk (↑4, edited, 3 hours ago)

    Does Podman actually open the ports like Docker does? I was of the impression it did not. But it’s entirely possible that I might be wrong.

    I would be disappointed if it did. I’m moving to Podman as well just because of the firewall issue in Docker.

    Edit: After some searching I’m convinced Podman does not mess with the firewall unless instructed to do so. Have you tested that the ports are actually opened up?

    • kwa@lemmy.zip (OP) (↑1, 3 hours ago)

      I should have clarified this. It does not open the ports, but I have set up my firewall to allow a range of IPs and the traffic is still blocked.

      I have noticed some inconsistency in the behavior, where the traffic would sometimes work upon ufw activation but never work upon reboot. Knowing how docker works, I thought podman would also mess with the firewall. But maybe the issue comes from something else.

  • fenndev@leminal.space (↑1, 4 hours ago)

    May I ask what services you’re running, and to see your Quadlet files? I’m about to make the same move.

  • GravitySpoiled@lemmy.ml (↑2, edited, 6 hours ago)

    Fedora server has cockpit preinstalled. That’s what I use. With cockpit it’s very easy to adjust the firewall.

    It’s not a direct solution to your problem but may show you what else is possible.