How do you manage firewall rules on Docker hosts?

Asking this question in this forum, since there are probably quite a few users with similar configurations.

Before I start some information on my setup:

  • NUC with Ubuntu
  • Docker on that NUC
  • Also KVM
  • Primary Interface is a bridge
  • VLAN also setup
  • Reverse Proxy
  • Doesn’t even matter that much

Now to my question: how do you manage your firewall on Ubuntu machines with Docker / KVM installed?
The reason I’m asking is that Docker (and KVM) generate their own iptables rules. I’m fine with that. But this has the drawback that tools like fwbuilder or Gufw collide with what Docker is doing.
I am aware of tutorials on how to stop Docker from managing its own iptables rules. But that would mean I would have to take care of those too, and for that I’m too lazy.
Currently I’m adding the rules that I need manually via the shell. To make them persistent I use iptables-persistent. That way Docker and KVM can do whatever they want, and my rules just get added to that.

To me it feels like there could be a better solution for managing persistent firewall rules without having to worry about Docker. So maybe someone here has the ideal setup which I could apply to mine. 🙂
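Added example, not from the original post: a small POSIX shell script for the setup described above (Ubuntu host, Docker managing its own iptables rules, persistence via iptables-persistent). It puts the host's own rules into Docker's DOCKER-USER chain, which Docker evaluates before its own forwarding rules and does not flush when the daemon restarts, rebuilds that chain from scratch so re-running the script is idempotent, and writes a rules.v4 that leaves out Docker's automatically managed chains, since Docker recreates those itself at start. The interface name eth0 and the network 192.168.1.0/24 are constructed placeholders; set WAN_IF and LAN_NET for the real host (with the bridge setup above, WAN_IF would be the bridge interface).

```shell
#!/bin/sh
# Added example: keep custom rules in DOCKER-USER so Docker's own rule
# management does not overwrite them, and persist them without snapshotting
# Docker's dynamic chains. Not code from the original post.
set -eu

WAN_IF="${WAN_IF:-eth0}"               # assumed external/bridge interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # constructed example LAN
RULES_FILE="${RULES_FILE:-/etc/iptables/rules.v4}"   # iptables-persistent file

# Rule specs (without the chain name) for DOCKER-USER. The chain is reached
# from FORWARD, so it only sees traffic to/from containers. Order matters:
# replies to connections the containers opened themselves arrive on WAN_IF
# too, so the conntrack rule must come before the final DROP.
docker_user_rules() {
    cat <<EOF
-i $WAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN
-i $WAN_IF -s $LAN_NET -j RETURN
-i $WAN_IF -j DROP
EOF
}

# Drop lines that define or reference Docker's automatically managed chains
# (DOCKER, DOCKER-ISOLATION-STAGE-1/2, DOCKER-INGRESS) from iptables-save
# output, while keeping DOCKER-USER and everything else. Docker rebuilds its
# own chains when the daemon starts, so restoring a stale copy of them at
# boot has no value and can reference container addresses that no longer exist.
strip_docker_managed() {
    grep -Ev '(^:| )DOCKER(-ISOLATION-STAGE-[12]|-INGRESS)?( |$)'
}

# Rebuild DOCKER-USER completely instead of inserting rule by rule, which makes
# repeated runs safe and keeps the chain order exactly as listed above.
apply_docker_user_rules() {
    iptables -N DOCKER-USER 2>/dev/null || true   # already exists if dockerd runs
    iptables -F DOCKER-USER
    docker_user_rules | while read -r spec; do
        # word-splitting of $spec into iptables arguments is intended
        iptables -A DOCKER-USER $spec
    done
    iptables -A DOCKER-USER -j RETURN   # hand everything else back to Docker's rules
}

# Write the persistent file that iptables-persistent restores at boot.
save_persistent() {
    iptables-save | strip_docker_managed > "$RULES_FILE"
}

# Usage (as root): WAN_IF=br0 LAN_NET=192.168.1.0/24 sh docker-fw.sh --apply
if [ "${1:-}" = "--apply" ]; then
    apply_docker_user_rules
    save_persistent
fi
```

Without `--apply` the script only defines the functions, so it can be sourced and inspected; `docker_user_rules` prints the rule list that would be installed. Because DOCKER-USER only sees forwarded traffic, rules for services running directly on the host still belong in INPUT and are saved to the same file unchanged.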