Skip to content

Commit 2cd3be8

Browse files
dorukardahangrp06
dorukardahan
and
grp06
authored
docs(security): document Docker UFW hardening via DOCKER-USER (#27613)
Merged via squash. Prepared head SHA: 31ddd43 Co-authored-by: dorukardahan <[email protected]> Co-authored-by: grp06 <[email protected]> Reviewed-by: @grp06
1 parent 4906701 commit 2cd3be8

File tree

3 files changed

+54
-1
lines changed

3 files changed

+54
-1
lines changed

CHANGELOG.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@ Docs: https://docs.openclaw.ai
1313

1414
### Fixes
1515

16+
- Docs/security hardening guidance: document Docker `DOCKER-USER` + UFW policy and add cross-linking from Docker install docs for VPS/public-host setups. (#27613) thanks @dorukardahan.
1617
- Docs/tool-loop detection config keys: align `docs/tools/loop-detection.md` examples and field names with the current `tools.loopDetection` schema to prevent copy-paste validation failures from outdated keys. (#33182) Thanks @Mylszd.
1718
- Discord/inbound debouncer: skip bot-own MESSAGE_CREATE events before they reach the debounce queue to avoid self-triggered slowdowns in busy servers. Thanks @thewilloftheshadow.
1819
- Discord/Agent-scoped media roots: pass `mediaLocalRoots` through Discord monitor reply delivery (message + component interaction paths) so local media attachments honor per-agent workspace roots instead of falling back to default global roots. Thanks @thewilloftheshadow.

docs/gateway/security/index.md

Lines changed: 50 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -630,7 +630,56 @@ Rules of thumb:
630630
- If you must bind to LAN, firewall the port to a tight allowlist of source IPs; do not port-forward it broadly.
631631
- Never expose the Gateway unauthenticated on `0.0.0.0`.
632632

633-
### 0.4.1) mDNS/Bonjour discovery (information disclosure)
633+
### 0.4.1) Docker port publishing + UFW (`DOCKER-USER`)
634+
635+
If you run OpenClaw with Docker on a VPS, remember that published container ports
636+
(`-p HOST:CONTAINER` or Compose `ports:`) are routed through Docker's forwarding
637+
chains, not only host `INPUT` rules.
638+
639+
To keep Docker traffic aligned with your firewall policy, enforce rules in
640+
`DOCKER-USER` (this chain is evaluated before Docker's own accept rules).
641+
On many modern distros, `iptables`/`ip6tables` use the `iptables-nft` frontend
642+
and still apply these rules to the nftables backend.
643+
644+
Minimal allowlist example (IPv4):
645+
646+
```bash
647+
# /etc/ufw/after.rules (append as its own *filter section)
648+
*filter
649+
:DOCKER-USER - [0:0]
650+
-A DOCKER-USER -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN
651+
-A DOCKER-USER -s 127.0.0.0/8 -j RETURN
652+
-A DOCKER-USER -s 10.0.0.0/8 -j RETURN
653+
-A DOCKER-USER -s 172.16.0.0/12 -j RETURN
654+
-A DOCKER-USER -s 192.168.0.0/16 -j RETURN
655+
-A DOCKER-USER -s 100.64.0.0/10 -j RETURN
656+
-A DOCKER-USER -p tcp --dport 80 -j RETURN
657+
-A DOCKER-USER -p tcp --dport 443 -j RETURN
658+
-A DOCKER-USER -m conntrack --ctstate NEW -j DROP
659+
-A DOCKER-USER -j RETURN
660+
COMMIT
661+
```
662+
663+
IPv6 has separate tables. Add a matching policy in `/etc/ufw/after6.rules` if
664+
Docker IPv6 is enabled.
665+
666+
Avoid hardcoding interface names like `eth0` in docs snippets. Interface names
667+
vary across VPS images (`ens3`, `enp*`, etc.) and mismatches can accidentally
668+
skip your deny rule.
669+
670+
Quick validation after reload:
671+
672+
```bash
673+
ufw reload
674+
iptables -S DOCKER-USER
675+
ip6tables -S DOCKER-USER
676+
nmap -sT -p 1-65535 <public-ip> --open
677+
```
678+
679+
Expected external ports should be only what you intentionally expose (for most
680+
setups: SSH + your reverse proxy ports).
681+
682+
### 0.4.2) mDNS/Bonjour discovery (information disclosure)
634683

635684
The Gateway broadcasts its presence via mDNS (`_openclaw-gw._tcp` on port 5353) for local device discovery. In full mode, this includes TXT records that may expose operational details:
636685

docs/install/docker.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,9 @@ Sandboxing details: [Sandboxing](/gateway/sandboxing)
2828
- Docker Desktop (or Docker Engine) + Docker Compose v2
2929
- At least 2 GB RAM for image build (`pnpm install` may be OOM-killed on 1 GB hosts with exit 137)
3030
- Enough disk for images + logs
31+
- If running on a VPS/public host, review
32+
[Security hardening for network exposure](/gateway/security#04-network-exposure-bind--port--firewall),
33+
especially Docker `DOCKER-USER` firewall policy.
3134

3235
## Containerized Gateway (Docker Compose)
3336

0 commit comments

Comments
 (0)