A Note about using UFW with Docker

Posted on Sun 06 August 2017 in Linux

UFW is a great program. It allows easy configuration of a powerful firewall, without the need to learn IPTables and the large amount of networking knowledge that goes with it.
However, when used with Docker, there is something you need to be aware of - UFW lies!

Although UFW makes changes to IPTables, it does not read back the same route tables it modifies. This means that a program that works directly with IPTables, such as Docker, could make rules that go against what you are trying to do with UFW.

For example, let's take a standard web server configuration: allow traffic on ports 22, 80 and 443. The output of UFW is as follows:

adam@ExampleHost:~$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere                  
443/tcp                    ALLOW IN    Anywhere                  
80/tcp                     ALLOW IN    Anywhere 

Now let's load up a Docker container that exposes port 8765 to the outside world:

adam@ExampleHost:~$ docker ps
CONTAINER ID        IMAGE                   COMMAND        CREATED             STATUS          PORTS                     NAMES
f9955df5766f        example/example         "/bin/sh"      3 minutes ago       Up 1 hours      0.0.0.0:8765->9000/tcp    ExampleProgram

Now …


Continue reading

Recover overwritten files using grep

Posted on Wed 02 August 2017 in Linux

Any one who has used a computer for a good amount of time has overwritten a file. A late night mv command typo'd, a drag and drop misclick. Even if you stop using the drive straight away, most disk recovery tools won't look for files that have been overwritten rather than straight up deleted. But with a bit of luck, you can use one of the simplest linux command line tools to recover your precious files!

Just a heads up before we start, this method only really works on text files. Binary files, such as music and video, are a little more difficult to search for!

The most important thing is to stop writing to the file system as soon as possible! Unplug it, power it off, STOP USING IT!

To begin with, have your device in a working linux install, but unmounted. You need to know the rough length of the file, and a small amount of text from within the file. The more you can remember, the less junk you'll have to search through.

The command we'll be using is grep. Grep can search through binary files (such as block devices!) for text strings. It has a few …


Continue reading