hostinger-cloud-firewall-is-upstream-gate-docker-bindings-not-exposed
Hostinger runs an upstream cloud firewall that only permits ports 22, 80, 443 and 18789 plus ICMP. Docker containers bound to 0.0.0.0 on other ports are NOT reachable from the public internet, because the cloud firewall drops packets before they reach the VM. UFW is a second layer and the DOCKER-USER iptables chain is a third. Defense-in-depth is already active; the cloud firewall is the primary gate and is configured separately from anything inside the VM.
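An added example (not part of the original note): a small audit that reads the Ports column from `docker ps` and sorts each published host port by which layer is its gate. The function names, verdict labels and sample container names are hypothetical; the allow-list is the one stated above.

```python
import ipaddress
import re

# Ports the note says the upstream cloud firewall permits (ICMP has no port).
# Assumption: the allow-list applies to TCP and UDP alike.
CLOUD_ALLOWED_PORTS = {22, 80, 443, 18789}

# One published mapping, e.g. "0.0.0.0:8080->80/tcp", ":::8080->80/tcp",
# "[::]:8080->80/tcp" or the range "0.0.0.0:9000-9001->9000-9001/tcp".
MAPPING = re.compile(r"^(?P<host>.+):(?P<lo>\d+)(?:-(?P<hi>\d+))?->\S+/(?P<proto>\w+)$")


def classify(ports_field):
    """Return (host, port, proto, verdict) for each published host port."""
    findings = []
    for item in filter(None, (p.strip() for p in ports_field.split(","))):
        m = MAPPING.match(item)
        if not m:
            continue  # "80/tcp" alone is exposed but not published to the host
        host = m["host"].strip("[]")
        lo, hi = int(m["lo"]), int(m["hi"] or m["lo"])
        for port in range(lo, hi + 1):
            if ipaddress.ip_address(host).is_loopback:
                verdict = "local-only"  # never leaves the VM
            elif port in CLOUD_ALLOWED_PORTS:
                verdict = "passes-cloud-firewall"  # UFW / DOCKER-USER decide
            else:
                verdict = "blocked-upstream"  # dropped before reaching the VM
            findings.append((host, port, m["proto"], verdict))
    return findings


def audit(docker_ps_output):
    """Map container name -> findings; input is Names<TAB>Ports per line."""
    report = {}
    for line in docker_ps_output.splitlines():
        name, _, ports = line.partition("\t")
        report[name] = classify(ports)
    return report

# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'` output.
SAMPLE = (
    "web\t0.0.0.0:443->8443/tcp, :::443->8443/tcp\n"
    "db\t127.0.0.1:5432->5432/tcp\n"
    "admin\t0.0.0.0:9000-9001->9000-9001/tcp, 3000/tcp\n"
)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Bindings marked `passes-cloud-firewall` are the ones where the UFW and DOCKER-USER rules are the only remaining gate, so those are the rules to review first.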
Related
- hostinger-cloud-firewall-is-upstream-gate-not-ufw
- docker
- docker-iptables-bypasses-ufw-docker-user-chain-required
- docker-iptables-bypasses-ufw-requires-docker-user-chain
- researchclaw-dedicated-container-isolation-requirement
- hairpin-nat-test-invalid-for-external-port-exposure-check
- hairpin-nat-makes-vps-self-port-tests-unreliable