Created
May 27, 2021 17:31
functions.sh — run it via `./functions.sh` (the `#!/bin/bash` shebang) or source it from a bash script, not via `sh`: `sh` is not always bash and does not understand arrays or `local -n` name references.
#!/bin/bash | |
#set -e | |
## SEE https://medium.com/@ebuschini/iptables-and-docker-95e2496f0b45 | |
## For traffic that does NOT go to a container you need rules in both DOCKER-BLOCK and INPUT.
## For traffic that goes to a container a single rule is enough.
## Note: the helpers below append (-A) to INPUT only, so an earlier DROP/REJECT in INPUT still wins; run them as root.
#CWD=$(cd "$(dirname "${0}")"; pwd -P) | |
#FILE="${CWD}/$(basename "${0}")" | |
#chown root:root "${FILE}" | |
#chmod o-rwx "${FILE}" | |
#set -x | |
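#######################################
# Append INPUT ACCEPT rules for a set of TCP ports, one rule per
# (interface-or-source, port) pair.
# Arguments (passed BY NAME, e.g. `allow_acess_to_docker_tcp_port ports ifaces`):
#   $1 - name of an array of destination ports: a number or an iptables
#        "low:high" range, each 0..65535. Anything else is rejected so a
#        stray value can never turn into extra iptables arguments.
#   $2 - name of an array whose entries are either the name of an interface
#        present under /sys/class/net (matched with -i) or an IPv4 address /
#        CIDR, optionally a comma-separated list of them (matched with -s).
# Environment:
#   IPTABLES - binary to invoke (default /sbin/iptables); allows a dry run
#              or a test without root.
# Outputs:  progress on stdout, rejected entries and failed calls on stderr.
# Returns:  0 when every rule was installed; 1 when any entry or port was
#           rejected or any iptables call failed. Remaining entries are
#           still processed, so one bad entry does not skip the rest.
# Notes:    IFS is deliberately not touched — "${array[@]}" iteration does
#           not need it, and changing it here would leak into the caller.
#######################################
allow_acess_to_docker_tcp_port () {
  local -n port_list=$1
  local -n interface_list=$2
  local iptables=${IPTABLES:-/sbin/iptables}
  local status=0
  local octet='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
  local cidr="$octet(\.$octet){3}(/([0-9]|[12][0-9]|3[0-2]))?"
  # One IPv4 address/CIDR or a comma list of them: exactly what -s accepts.
  # An "a.b.c.d - e.f.g.h" range is not accepted, because -s cannot take one
  # (that would need -m iprange). /0 is valid syntax but means "anyone".
  local source_re="^$cidr(,$cidr)*$"
  local port_re='^[0-9]{1,5}(:[0-9]{1,5})?$'
  local interface port
  local -a selector

  for interface in "${interface_list[@]}"; do
    printf 'interface: %s\n' "$interface"
    # Reject path-like names before probing sysfs so "../.." cannot pass
    # the directory test; a real interface name never contains '/'.
    if [[ $interface != */* && $interface != . && $interface != .. \
          && -d "/sys/class/net/$interface" ]]; then
      printf 'Interface %s exists!\n' "$interface"
      selector=(-i "$interface")
    elif [[ $interface =~ $source_re ]]; then
      printf 'does not exist\nfound ip address: %s\n' "$interface"
      selector=(-s "$interface")
    else
      printf 'interface %s is not valid ip or not an interface that exists right now\n' \
        "$interface" >&2
      status=1
      printf -- '------------------\n'
      continue
    fi

    # Ports are looped for both selector kinds; previously the -s branch
    # reused whatever $port the last loop left behind (or nothing at all).
    for port in "${port_list[@]}"; do
      # 10# forces decimal so "08" is not parsed as (invalid) octal.
      if [[ ! $port =~ $port_re ]] \
          || (( 10#${port%%:*} > 65535 || 10#${port#*:} > 65535 )); then
        printf 'invalid tcp port %q for %s, skipping\n' "$port" "$interface" >&2
        status=1
        continue
      fi
      printf 'enabling tcp port %s for: %s\n' "$port" "$interface"
      if ! "$iptables" -t filter -A INPUT "${selector[@]}" -p tcp -m tcp --dport "$port" \
          -m state --state NEW,ESTABLISHED -j ACCEPT; then
        printf 'iptables failed for %s tcp port %s\n' "$interface" "$port" >&2
        status=1
      fi
    done
    printf -- '------------------\n'
  done
  return "$status"
}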
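#######################################
# Append INPUT ACCEPT rules for a set of UDP ports, one rule per
# (interface-or-source, port) pair.
# Arguments (passed BY NAME, e.g. `allow_acess_to_docker_udp_port ports ifaces`):
#   $1 - name of an array of destination ports: a number or an iptables
#        "low:high" range, each 0..65535. Anything else is rejected so a
#        stray value can never turn into extra iptables arguments.
#   $2 - name of an array whose entries are either the name of an interface
#        present under /sys/class/net (matched with -i) or an IPv4 address /
#        CIDR, optionally a comma-separated list of them (matched with -s).
# Environment:
#   IPTABLES - binary to invoke (default /sbin/iptables); allows a dry run
#              or a test without root.
# Outputs:  progress on stdout, rejected entries and failed calls on stderr.
# Returns:  0 when every rule was installed; 1 when any entry or port was
#           rejected or any iptables call failed. Remaining entries are
#           still processed, so one bad entry does not skip the rest.
# Notes:    IFS is deliberately not touched — "${array[@]}" iteration does
#           not need it, and changing it here would leak into the caller.
#######################################
allow_acess_to_docker_udp_port () {
  local -n port_list=$1
  local -n interface_list=$2
  local iptables=${IPTABLES:-/sbin/iptables}
  local status=0
  local octet='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
  local cidr="$octet(\.$octet){3}(/([0-9]|[12][0-9]|3[0-2]))?"
  # One IPv4 address/CIDR or a comma list of them: exactly what -s accepts.
  # An "a.b.c.d - e.f.g.h" range is not accepted, because -s cannot take one
  # (that would need -m iprange). /0 is valid syntax but means "anyone".
  local source_re="^$cidr(,$cidr)*$"
  local port_re='^[0-9]{1,5}(:[0-9]{1,5})?$'
  local interface port
  local -a selector

  for interface in "${interface_list[@]}"; do
    printf 'interface: %s\n' "$interface"
    # Reject path-like names before probing sysfs so "../.." cannot pass
    # the directory test; a real interface name never contains '/'.
    if [[ $interface != */* && $interface != . && $interface != .. \
          && -d "/sys/class/net/$interface" ]]; then
      printf 'Interface %s exists!\n' "$interface"
      selector=(-i "$interface")
    elif [[ $interface =~ $source_re ]]; then
      printf 'does not exist\nfound ip address: %s\n' "$interface"
      selector=(-s "$interface")
    else
      printf 'interface %s is not valid ip or not an interface that exists right now\n' \
        "$interface" >&2
      status=1
      printf -- '-------------------\n'
      continue
    fi

    # Ports are looped for both selector kinds; previously the -s branch
    # reused whatever $port the last loop left behind (or nothing at all).
    for port in "${port_list[@]}"; do
      # 10# forces decimal so "08" is not parsed as (invalid) octal.
      if [[ ! $port =~ $port_re ]] \
          || (( 10#${port%%:*} > 65535 || 10#${port#*:} > 65535 )); then
        printf 'invalid udp port %q for %s, skipping\n' "$port" "$interface" >&2
        status=1
        continue
      fi
      printf 'enabling udp port %s for: %s\n' "$port" "$interface"
      # --dport needs the match module for the same protocol: "-p udp -m udp".
      # The earlier "-p udp -m tcp" combination is rejected by iptables, so
      # no UDP rule was ever installed.
      if ! "$iptables" -t filter -A INPUT "${selector[@]}" -p udp -m udp --dport "$port" \
          -m state --state NEW,ESTABLISHED -j ACCEPT; then
        printf 'iptables failed for %s udp port %s\n' "$interface" "$port" >&2
        status=1
      fi
    done
    printf -- '-------------------\n'
  done
  return "$status"
}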
# Load marker: tells whoever sourced or ran this file that the
# function definitions above are now available.
printf '%s\n' "functions loaded"