1. For all the mentioned cases, if your firewall blocks incoming packets by default, no one can access it, no matter what is the source of the port being open.

2. You don’t configure it on the docker level, at least if you care about outside connections. If you mean from your local computer to a docker container, by default you cannot connect, unless you expose the port to the system. If you mean from other docker containers, just create your own separate network to run the container in and even docker containers cannot access the ports.

3. I usually use netstat -tulpn, it lists all ports, not only docker, but docker is included. docker ps should also show all exposed ports and their mappings.

In general, all docker containers run on some internal docker network. Either the default or a custom one. The network’s ports don’t interfere with your own, that’s why you can have 20 nginx servers running in a docker container on the same port. When you bind a port in docker, you basically create a bridge from the docker network to your PC’s local network. So now anything that can connect to your PC can also connect to the service. And if you allow connection to the port from outside the network, it will work as well. Note that port forwarding on your router must be set up.

So in conclusion, to actually make a service running in docker visible to the public internet, you need to do quite a few steps!

• bind a port to your local host
• have your local firewall allow connection to the port
• have your router set up to forward connections on the port to your machine

On Linux, local firewall is usually disabled by default, but the other two steps require you to actively change the default config. And you mention that all incoming traffic is dropped using UFW, so all three parts should be covered.

I’m using Proton mail, I like their focus on privacy and e2e (only with other Proton users, though).

I mean, if it’s Hungary who pushes it, countries will be against it just on principle of Hungary proposing it.

All five of them.

Doesn’t it break a lot of things? Half the stuff refuses to work when some specific files have too permissive chmod.

I was talking about Nintendo, they constantly sue people (and other companies) for obscure amounts of money just because they’re rich and can afford it.

Well, Fedora 40 here as well and it just doesn’t work on my computer. Sure, Nvidia, blah blah blah. X does work flawlessly on my machine, though.

Like trying to destroy people’s lives so they can make a few dollars.

We use .lh, short for localhost. For local network services I use service discovery and .local. And for internal stuff we just use a subdomain of our domain.

I personally only turn it off when someone’s visiting over night and the noise disturbs them, otherwise I just leave it on nonstop. Mainly because it would annoy me to try to open whatever and find out I have to turn on the server first. I don’t have a UPS and never even thought about getting one (for the server, I’m thinking of getting one for my 3D printer).

It’s really similar to Windows in how you use it. Switching between Windows 11 and Cinnamon is as seamless as it can be.

There’s almost no configuration or anything necessary, you just install it and it’s great.

Start recommending Cinnamon then, it’s the best DE when switching from Windows.