# drop all inbound/outbound packet for this specific interface#
$ iptables -I DOCKER-USER -i $interface -j DROP# allow outbound packet for this specific interface
$ iptables -I DOCKER-USER -o $interface -j ACCEPT
Thomas Milox TommyStarK
TommyStarK
/ docker_container_iptables.md
Last active
August 11, 2019 16:53
Docker container_iptables
TommyStarK
/ readme.md
Created
August 11, 2019 17:04
Linux firewall (docker swarm example with 3 vms)
- on VM1 (node manager)
# communication between the nodes of a Docker Swarm or cluster. It only needs to be opened on manager nodes.
$ sudo ufw allow proto tcp from <VM2 IP> to <VM1 IP> port 2377
$ sudo ufw allow proto tcp from <VM3 IP> to <VM1 IP> port 2377
# communication among nodes (container network discovery).
$ sudo ufw allow proto tcp to <VM1 IP> port 7946
$ sudo ufw allow proto udp to <VM1 IP> port 7946
TommyStarK
/ readme.md
Last active
July 26, 2020 15:01
Git - fork migratory (upstream changed, new fork = new origin)
$ git remote rename upstream old-upstream
$ git remote add upstream <repo_URL>
$ git remote rename origin old-origin
$ git remote add origin <fork_URL>
$ git push -u origin --all
$ git remote remove old-upstream
$ git remote remove old-origin
TommyStarK
/ new_linux_user_with_ssh_access_and_docker_permissions_granted.md
Last active
July 26, 2020 15:02
Create new user on linux with ssh access and grant docker permissions
$ ssh -p PORT ADMIN_USER@HOST
$ sudo groupadd USER
$ sudo useradd --home /home/USER --create-home --groups USER,docker --gid USER --shell /bin/bash USER
$ cd /home/USER
$ sudo mkdir .ssh
$ sudo cat USER_SSH_PUB_KEY >> .ssh/authorized_keys
$ sudo chown -R USER:USER .ssh
TommyStarK
/ delete_git_submodule.md
Created
January 18, 2021 18:18
— forked from myusuf3/delete_git_submodule.md
How effectively delete a git submodule.
To remove a submodule you need to:
- Delete the relevant section from the .gitmodules file.
- Stage the .gitmodules changes git add .gitmodules
- Delete the relevant section from .git/config.
- Run git rm --cached path_to_submodule (no trailing slash).
- Run rm -rf .git/modules/path_to_submodule (no trailing slash).
- Commit git commit -m "Removed submodule "
- Delete the now untracked submodule files rm -rf path_to_submodule
TommyStarK
/ git-repo-demo.yaml
Created
January 21, 2021 13:30
— forked from tallclair/git-repo-demo.yaml
More secure GitRepo volumes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Example of using an InitContainer in place of a GitRepo volume. | |
| # Unilke GitRepo volumes, this approach runs the git command in a container, | |
| # with the associated hardening. | |
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| name: git-repo-demo | |
| annotations: | |
| seccomp.security.alpha.kubernetes.io/pod: 'docker/default' | |
| spec: |