
Firewall Control on Docker Hosts Using the DOCKER-USER iptables Chain

If you run Docker on production servers, sooner or later you will notice that Docker automatically modifies iptables rules. In many cases this behaviour is convenient, but sometimes it makes it difficult to control network access the way you want.

How to Safely Run OpenClaw (Ex-Clawd & MoltBolt)

Running OpenClaw directly on your host system is risky. The service has full access to your filesystem and the environment in which it runs. This is powerful — but potentially destructive. Treat it like any other automation tool with shell-level capabilities. Modern AI agents are designed to read files, execute commands and interact with network services. While this makes them extremely useful for automation, it also means that a misconfiguration, prompt injection or malicious extension could potentially affect the entire system. Because of this, the safest approach is to run such tools inside an isolated environment where mistakes cannot easily damage the host system.

First Look at UniFi Wireless Access Point

New project — new challenge. For this project I got UAP-AC-Pro, UAP-AC-Lite and UAP-Outdoor+. How to install and configure them you can easily find on the Ubiquiti website. This post is about the hard way — when you don't buy the full ecosystem and need a custom solution.

Docker persistent MAC address generation problem

When starting 150+ Docker containers with docker-compose, I encountered a strange problem: "Could not generate persistent MAC address".

How to Safely Manage iptables with Docker Compose

How to protect iptables when using docker-compose. By default, Docker dynamically modifies iptables rules, which prevents normal firewall management. Many guides suggest saving Docker rules and restoring them later; I don't think this is a good approach. If Docker cannot handle firewall tasks properly, let's free it from this responsibility. See also docker-compose daemonization with systemd.

Docker compose daemonization with systemd

Easy way to (auto)start your infrastructure with docker-compose. Very useful for development, review servers, pre-prod, or test environments. Also includes tips on protecting iptables when using docker-compose.