zlacker

[parent] [thread] 1 comments
1. smarx0+(OP)[view] [source] 2025-01-05 15:21:54
I think podman does not punch holes in the firewall as opposed to docker. I.e., to expose a container on port 8080 on the WAN in podman, you need to both expose 8080:8080 and use, for example, firewalld to open port 8080. Which I consider a correct behaviour.
replies(1): >>diggan+t
2. diggan+t[view] [source] 2025-01-05 15:25:25
>>smarx0+(OP)
Sure, but the issue here wasn't because the default behavior surprised OP. OP needed a service that was accessible from a remote endpoint, so they needed to have some connection open. They just (for some reason) chose to do it over public internet instead of a private network.

But regardless of software used, it would have led to the same conclusion, a vulnerable service running on the open internet.

[go to top]