I don't know anything about ufw, so I cannot really help with how to do that with ufw. I'd just like to mention that we removed support for CNI upstream and now use only netavark. Netavark supports using the nftables driver to create firewall rules, so maybe that helps instead.
-
Hi,
I'm trying to get podman running on a VPS. I have simple UFW rules that open ports 80 and 443. If I check the logs I get:
KERNEL: [UFW BLOCK] IN=eth0 OUT=podman0
When I set
sudo ufw default allow FORWARD
UFW does not block connections anymore, but it does not feel safe.
I found this post, but am not sure how to implement this for UFW.
https://access.redhat.com/solutions/5885821
I also found this (and a lot of other resources):
https://stackoverflow.com/questions/70870689/configure-ufw-for-podman-on-port-443
ufw route allow in on eth0 out on cni-podman0 to any port 27017
but then what is port 27017?
How are others running podman on Ubuntu? I get a shiver with Docker avoiding ufw, especially when running a db. I prefer to use podman instead.
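The log line quoted in the question has both IN= and OUT= set, which marks a forwarded packet rather than one addressed to the host. As an added example (not part of the original posts, and not podman or ufw project code), these shell functions summarise such blocked flows from kernel log lines and print candidate `ufw route allow` rules in the form quoted above, for review instead of `default allow FORWARD`. The function names and log lines are constructed; the sample assumes a container published as 80:8080, so the forwarded packet carries the container-side port.

```shell
#!/bin/sh
# Added example: find forwarded packets that UFW blocked and list them per flow.

# Reads kernel log lines on stdin, prints "count in_if out_if proto dport".
forward_blocks() {
    awk '
    /\[UFW BLOCK\]/ {
        iif = oif = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            p = index($i, "=")
            if (p == 0) continue
            k = substr($i, 1, p - 1); v = substr($i, p + 1)
            if (k == "IN") iif = v
            else if (k == "OUT") oif = v
            else if (k == "PROTO") proto = tolower(v)
            else if (k == "DPT") dpt = v
        }
        # Packets dropped on the way to the host itself have an empty OUT=;
        # only forwarded packets (host NIC -> container bridge) have both.
        if (iif == "" || oif == "") next
        if (dpt == "") dpt = "-"        # e.g. ICMP has no port
        seen[iif " " oif " " proto " " dpt]++
    }
    END { for (f in seen) print seen[f], f }' | sort -k2
}

# Turns each blocked flow into a narrowly scoped candidate rule (printed only).
suggest_rules() {
    forward_blocks | while read -r n iif oif proto dpt; do
        if [ "$dpt" = "-" ]; then continue; fi
        echo "ufw route allow in on $iif out on $oif to any port $dpt proto $proto"
    done
}

# Constructed sample log lines (documentation addresses, shortened fields).
sample_log() {
    cat <<'EOF'
Jan 10 12:00:01 vps kernel: [UFW BLOCK] IN=eth0 OUT=podman0 SRC=203.0.113.5 DST=10.88.0.2 PROTO=TCP SPT=51234 DPT=8080
Jan 10 12:00:02 vps kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=40000 DPT=22
Jan 10 12:00:03 vps kernel: [UFW BLOCK] IN=eth0 OUT=podman0 SRC=203.0.113.9 DST=10.88.0.2 PROTO=TCP SPT=40222 DPT=8080
Jan 10 12:00:04 vps kernel: [UFW BLOCK] IN=eth0 OUT=podman0 SRC=203.0.113.9 DST=10.88.0.3 PROTO=TCP SPT=40223 DPT=5432
EOF
}

sample_log | suggest_rules
```

The printed rules are candidates to read through, not to apply as a batch: a database port appearing in the list (5432 in the sample) is a flow you may well want to leave blocked.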