functions.sh — call it via ./ rather than via sh, because sh does not always invoke bash and sh does not understand arrays.
#!/bin/bash
#set -e
## SEE https://medium.com/@ebuschini/iptables-and-docker-95e2496f0b45
## You need to add rules in DOCKER-BLOCK AND INPUT for traffic that does not go to a container.
## You only need to add one rule if the traffic goes to the container
#CWD=$(cd "$(dirname "${0}")"; pwd -P)
#FILE="${CWD}/$(basename "${0}")"
#chown root:root "${FILE}"
#chmod o-rwx "${FILE}"
#set -x
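#######################################
# Append INPUT ACCEPT rules for a list of TCP ports on a list of interfaces
# and/or IPv4 source addresses.
#
# Each element of the interface list is first treated as an interface name
# (it exists if /sys/class/net/<name> is a directory and the rule uses -i);
# otherwise, if it matches the IPv4 pattern below, it is used as a source
# address (-s). Anything else is reported and skipped.
#
# Arguments:
#   $1 - name of an array holding TCP ports (bash 4.3+ nameref)
#   $2 - name of an array holding interface names and/or IPv4 addresses
# Outputs:   progress messages on stdout, usage error on stderr
# Returns:   0 when every rule is present (already installed or just added),
#            1 when at least one iptables append failed, 2 on bad arguments
# Globals:   none written. The previous version set IFS=, globally, which
#            leaked into the caller's word splitting; every expansion here
#            is quoted, so IFS is no longer needed.
# NOTE(review): rules are appended to INPUT only; the file header says
#            traffic that does not go to a container also needs a rule in
#            DOCKER-BLOCK — confirm against the linked article.
#######################################
allow_acess_to_docker_tcp_port () {
  if (( $# != 2 )); then
    echo "usage: allow_acess_to_docker_tcp_port <ports_array_name> <interfaces_array_name>" >&2
    return 2
  fi
  local -n port_list=$1
  local -n interface_list=$2
  # IPv4 address with optional /prefix (4-32), or a "a.b.c.d - e.f.g.h" range,
  # optionally comma-separated. Kept as a variable so the backslash escapes
  # (\s, \., \/) reach the regex engine unchanged.
  # NOTE(review): iptables -s accepts "addr/prefix" and comma lists, but not
  # the "a.b.c.d - e.f.g.h" range form this pattern also admits (that needs
  # -m iprange); such an element will make the iptables call fail.
  local ipv4_re='^(((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(((\/([4-9]|[12][0-9]|3[0-2]))?)|\s?-\s?((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))))(,\s?|$))+'
  local interface port rc=0
  local -a match
  for interface in "${interface_list[@]}"; do
    echo "interface: $interface"
    # Reject names that would escape /sys/class/net ("..", ".", "a/b") before
    # the -d test; /sys/class/net/.. is a directory, so -d alone would pass.
    if [[ $interface != */* && $interface != . && $interface != .. \
          && -d "/sys/class/net/$interface" ]]; then
      echo "Interface $interface exists!"
      for port in "${port_list[@]}"; do
        echo "enabling tcp port $port for:$interface"
        match=(-p tcp -m tcp --dport "$port" -m state --state NEW,ESTABLISHED -j ACCEPT)
        # -C first so that running this function twice does not append a
        # duplicate rule; on iptables without -C the check simply fails and
        # the rule is appended as before.
        if ! /sbin/iptables -t filter -C INPUT -i "$interface" "${match[@]}" 2>/dev/null; then
          /sbin/iptables -t filter -A INPUT -i "$interface" "${match[@]}" || rc=1
        fi
      done
    else
      echo "does not exist"
      if [[ $interface =~ $ipv4_re ]]; then
        # The original only used the last value of $port here; every listed
        # port must get its own -s rule.
        for port in "${port_list[@]}"; do
          echo "found ip address: $interface, will enable access to tcp port:$port"
          match=(-p tcp -m tcp --dport "$port" -m state --state NEW,ESTABLISHED -j ACCEPT)
          if ! /sbin/iptables -t filter -C INPUT -s "$interface" "${match[@]}" 2>/dev/null; then
            /sbin/iptables -t filter -A INPUT -s "$interface" "${match[@]}" || rc=1
          fi
        done
      else
        echo "interface $interface is not valid ip or not an interface that exists right now"
      fi
    fi
    echo "------------------"
  done
  return "$rc"
}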
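#######################################
# Append INPUT ACCEPT rules for a list of UDP ports on a list of interfaces
# and/or IPv4 source addresses.
#
# Each element of the interface list is first treated as an interface name
# (it exists if /sys/class/net/<name> is a directory and the rule uses -i);
# otherwise, if it matches the IPv4 pattern below, it is used as a source
# address (-s). Anything else is reported and skipped.
#
# Arguments:
#   $1 - name of an array holding UDP ports (bash 4.3+ nameref)
#   $2 - name of an array holding interface names and/or IPv4 addresses
# Outputs:   progress messages on stdout, usage error on stderr
# Returns:   0 when every rule is present (already installed or just added),
#            1 when at least one iptables append failed, 2 on bad arguments
# Globals:   none written. The previous version set IFS=, globally, which
#            leaked into the caller's word splitting; every expansion here
#            is quoted, so IFS is no longer needed.
# NOTE(review): rules are appended to INPUT only; the file header says
#            traffic that does not go to a container also needs a rule in
#            DOCKER-BLOCK — confirm against the linked article.
#######################################
allow_acess_to_docker_udp_port () {
  if (( $# != 2 )); then
    echo "usage: allow_acess_to_docker_udp_port <ports_array_name> <interfaces_array_name>" >&2
    return 2
  fi
  local -n port_list=$1
  local -n interface_list=$2
  # IPv4 address with optional /prefix (4-32), or a "a.b.c.d - e.f.g.h" range,
  # optionally comma-separated. Kept as a variable so the backslash escapes
  # (\s, \., \/) reach the regex engine unchanged.
  # NOTE(review): iptables -s accepts "addr/prefix" and comma lists, but not
  # the "a.b.c.d - e.f.g.h" range form this pattern also admits (that needs
  # -m iprange); such an element will make the iptables call fail.
  local ipv4_re='^(((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(((\/([4-9]|[12][0-9]|3[0-2]))?)|\s?-\s?((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))))(,\s?|$))+'
  local interface port rc=0
  local -a match
  for interface in "${interface_list[@]}"; do
    echo "interface: $interface"
    # Reject names that would escape /sys/class/net ("..", ".", "a/b") before
    # the -d test; /sys/class/net/.. is a directory, so -d alone would pass.
    if [[ $interface != */* && $interface != . && $interface != .. \
          && -d "/sys/class/net/$interface" ]]; then
      echo "Interface $interface exists!"
      for port in "${port_list[@]}"; do
        echo "enabling udp port $port for:$interface"
        # "-m udp" — the original used "-m tcp" with "-p udp", which iptables
        # rejects, so no UDP rule was ever installed.
        match=(-p udp -m udp --dport "$port" -m state --state NEW,ESTABLISHED -j ACCEPT)
        # -C first so that running this function twice does not append a
        # duplicate rule; on iptables without -C the check simply fails and
        # the rule is appended as before.
        if ! /sbin/iptables -t filter -C INPUT -i "$interface" "${match[@]}" 2>/dev/null; then
          /sbin/iptables -t filter -A INPUT -i "$interface" "${match[@]}" || rc=1
        fi
      done
    else
      echo "does not exist"
      if [[ $interface =~ $ipv4_re ]]; then
        # The original only used the last value of $port here; every listed
        # port must get its own -s rule.
        for port in "${port_list[@]}"; do
          echo "found ip address: $interface, will enable access to udp port:$port"
          match=(-p udp -m udp --dport "$port" -m state --state NEW,ESTABLISHED -j ACCEPT)
          if ! /sbin/iptables -t filter -C INPUT -s "$interface" "${match[@]}" 2>/dev/null; then
            /sbin/iptables -t filter -A INPUT -s "$interface" "${match[@]}" || rc=1
          fi
        done
      else
        echo "interface $interface is not valid ip or not an interface that exists right now"
      fi
    fi
    echo "-------------------"
  done
  return "$rc"
}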
# Confirmation message printed once the function definitions above are read.
printf '%s\n' "functions loaded"