I just have a quick question about Docker Compose. I have an nftables firewall installed on my server, with a default drop policy loaded on the input and forward chains. Until now everything has always worked, but today I wanted to install Nginx Proxy Manager, and when I log in I get a "Bad Gateway" error. I think that the Docker Compose containers (MySQL and Nginx) can't communicate with each other because of nft. Without the firewall everything works. I am now wondering how to solve the problem, or what nft rules I need. Below is my nft config. wg stands for WireGuard.
Thanks Jonathan :)
# The defines below are not shown in the post; the values are placeholders
# so that the ruleset loads with `nft -f`. Replace them with your own.
define pub_iface = "eth0"      # placeholder: public interface
define wg_iface  = "wg0"       # placeholder: WireGuard interface
define wg_port   = 51820       # placeholder: WireGuard listen port

table inet basic-filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state { established, related } accept
        iif lo accept
        ip protocol icmp accept
        ip6 nexthdr ipv6-icmp accept
        meta l4proto ipv6-icmp accept
        iif $pub_iface tcp dport 51829 accept
        iif $pub_iface udp dport $wg_port accept
        iifname $wg_iface accept
        ct state invalid drop
        reject
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state { established, related } accept
        iifname $wg_iface ip saddr 10.212.0.0/16 ip daddr 10.212.0.0/16 oifname $wg_iface accept
        iifname $wg_iface oifname $pub_iface accept
        ct state invalid drop
        reject with icmpx type host-unreachable
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        iifname $wg_iface oifname $pub_iface masquerade
    }
}
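The following is an added example, not part of the original post, showing the shape of the rules that let Docker Compose containers talk to each other and to the outside while the input and forward chains keep their default drop policy. Docker installs its own rules (via iptables-nft, visible in `nft list ruleset` as the `ip filter` and `ip nat` tables), but a packet has to be accepted by every base chain on the hook it traverses, so the `inet basic-filter` forward chain must also accept it; container-to-container traffic on a bridge hits the forward hook because Docker loads br_netfilter. It assumes Docker's bridges are named `docker0` and `br-*` (the default for Compose networks; confirm with `ip link show type bridge`) and uses placeholder values for the defines the post does not show.

```nft
# Added example: nftables ruleset allowing Docker bridge traffic under a
# default-drop policy. Placeholder defines; the post does not show them.
define pub_iface = "eth0"      # placeholder: public interface
define wg_iface  = "wg0"       # placeholder: WireGuard interface
define wg_port   = 51820       # placeholder: WireGuard listen port

table inet basic-filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state { established, related } accept
        iif lo accept
        ip protocol icmp accept
        meta l4proto ipv6-icmp accept
        iif $pub_iface udp dport $wg_port accept
        iifname $wg_iface accept
        # Containers reaching services on the host itself (for example a
        # host-side resolver). Assumed bridge names: docker0 and br-*.
        iifname "docker0" accept
        iifname "br-*" accept
        ct state invalid drop
        reject
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state { established, related } accept
        # Existing WireGuard rules from the post.
        iifname $wg_iface ip saddr 10.212.0.0/16 ip daddr 10.212.0.0/16 oifname $wg_iface accept
        iifname $wg_iface oifname $pub_iface accept
        # Container <-> container on the same Docker network (this is the path
        # the proxy container uses to reach the MySQL container by name).
        # Docker's own isolation rules still separate different networks.
        iifname "docker0" oifname "docker0" accept
        iifname "br-*" oifname "br-*" accept
        # Containers reaching the Internet; Docker masquerades this in its
        # own ip nat table, so no extra masquerade rule is needed here.
        iifname "docker0" oifname $pub_iface accept
        iifname "br-*" oifname $pub_iface accept
        # Published ports (-p 81:81 etc.): Docker DNATs them in prerouting,
        # so by the time they reach this hook they carry the dnat ct status.
        ct status dnat oifname "docker0" accept
        ct status dnat oifname "br-*" accept
        ct state invalid drop
        reject with icmpx type host-unreachable
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        iifname $wg_iface oifname $pub_iface masquerade
    }
}
```

Load it with `nft -f <file>` after flushing the old table, then verify with `nft list chain inet basic-filter forward` that the bridge rules sit above the final `reject`. Keeping the bridge rules interface-scoped rather than accepting everything on the forward hook preserves the default-drop posture for the WireGuard and public interfaces; if you only run Compose networks, the `docker0` lines can be dropped.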