allow additional ports in/out

pull/42/head 4.2.3-1-03
binhex 5 years ago
parent 9aa6ce97e3
commit 764755546c

@ -35,6 +35,7 @@ docker run -d \
-e ENABLE_PRIVOXY=<yes|no> \
-e LAN_NETWORK=<lan ipv4 network>/<cidr notation> \
-e NAME_SERVERS=<name server ip(s)> \
-e ADDITIONAL_PORTS=<port number(s)> \
-e DEBUG=<true|false> \
-e WEBUI_PORT=<port for web interfance> \
-e UMASK=<umask for created files> \
@ -76,6 +77,7 @@ docker run -d \
-e ENABLE_PRIVOXY=yes \
-e LAN_NETWORK=192.168.1.0/24 \
-e NAME_SERVERS=209.222.18.222,84.200.69.80,37.235.1.174,1.1.1.1,209.222.18.218,37.235.1.177,84.200.70.40,1.0.0.1 \
-e ADDITIONAL_PORTS=1234 \
-e DEBUG=false \
-e WEBUI_PORT=8080 \
-e UMASK=000 \
@ -120,6 +122,7 @@ docker run -d \
-e ENABLE_PRIVOXY=yes \
-e LAN_NETWORK=192.168.1.0/24 \
-e NAME_SERVERS=209.222.18.222,84.200.69.80,37.235.1.174,1.1.1.1,209.222.18.218,37.235.1.177,84.200.70.40,1.0.0.1 \
-e ADDITIONAL_PORTS=1234 \
-e DEBUG=false \
-e WEBUI_PORT=8080 \
-e UMASK=000 \

@ -297,6 +297,13 @@ if [[ $VPN_ENABLED == "yes" ]]; then
export ENABLE_PRIVOXY="no"
fi
export ADDITIONAL_PORTS=$(echo "${ADDITIONAL_PORTS}" | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')
if [[ ! -z "${ADDITIONAL_PORTS}" ]]; then
echo "[info] ADDITIONAL_PORTS defined as '${ADDITIONAL_PORTS}'" | ts '%Y-%m-%d %H:%M:%.S'
else
echo "[info] ADDITIONAL_PORTS not defined (via -e ADDITIONAL_PORTS), skipping allow for custom incoming ports" | ts '%Y-%m-%d %H:%M:%.S'
fi
fi
export WEBUI_PORT=$(echo "${WEBUI_PORT}" | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')

@ -92,6 +92,28 @@ iptables -A INPUT -i "${docker_interface}" -p $VPN_PROTOCOL --sport $VPN_PORT -j
iptables -A INPUT -i "${docker_interface}" -p tcp --dport "${WEBUI_PORT}" -j ACCEPT
iptables -A INPUT -i "${docker_interface}" -p tcp --sport "${WEBUI_PORT}" -j ACCEPT
# additional port list for scripts or container linking
if [[ ! -z "${ADDITIONAL_PORTS}" ]]; then
# split comma separated string into list from ADDITIONAL_PORTS env variable
IFS=',' read -ra additional_port_list <<< "${ADDITIONAL_PORTS}"
# process additional ports in the list
for additional_port_item in "${additional_port_list[@]}"; do
# strip whitespace from start and end of additional_port_item
additional_port_item=$(echo "${additional_port_item}" | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')
echo "[info] Adding additional incoming port ${additional_port_item} for ${docker_interface}"
# accept input to additional port for "${docker_interface}"
iptables -A INPUT -i "${docker_interface}" -p tcp --dport "${additional_port_item}" -j ACCEPT
iptables -A INPUT -i "${docker_interface}" -p tcp --sport "${additional_port_item}" -j ACCEPT
done
fi
# process lan networks in the list
for lan_network_item in "${lan_network_list[@]}"; do
@ -154,6 +176,28 @@ fi
iptables -A OUTPUT -o "${docker_interface}" -p tcp --dport "${WEBUI_PORT}" -j ACCEPT
iptables -A OUTPUT -o "${docker_interface}" -p tcp --sport "${WEBUI_PORT}" -j ACCEPT
# additional port list for scripts or container linking
if [[ ! -z "${ADDITIONAL_PORTS}" ]]; then
# split comma separated string into list from ADDITIONAL_PORTS env variable
IFS=',' read -ra additional_port_list <<< "${ADDITIONAL_PORTS}"
# process additional ports in the list
for additional_port_item in "${additional_port_list[@]}"; do
# strip whitespace from start and end of additional_port_item
additional_port_item=$(echo "${additional_port_item}" | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')
echo "[info] Adding additional outgoing port ${additional_port_item} for ${docker_interface}"
# accept output to additional port for lan interface
iptables -A OUTPUT -o "${docker_interface}" -p tcp --dport "${additional_port_item}" -j ACCEPT
iptables -A OUTPUT -o "${docker_interface}" -p tcp --sport "${additional_port_item}" -j ACCEPT
done
fi
# process lan networks in the list
for lan_network_item in "${lan_network_list[@]}"; do

Loading…
Cancel
Save