allow additional ports in/out

README.md

@@ -35,6 +35,7 @@ docker run -d \
     -e ENABLE_PRIVOXY=<yes|no> \
     -e LAN_NETWORK=<lan ipv4 network>/<cidr notation> \
     -e NAME_SERVERS=<name server ip(s)> \
+    -e ADDITIONAL_PORTS=<port number(s)> \
     -e DEBUG=<true|false> \
     -e WEBUI_PORT=<port for web interfance> \
     -e UMASK=<umask for created files> \
@@ -76,6 +77,7 @@ docker run -d \
     -e ENABLE_PRIVOXY=yes \
     -e LAN_NETWORK=192.168.1.0/24 \
     -e NAME_SERVERS=209.222.18.222,84.200.69.80,37.235.1.174,1.1.1.1,209.222.18.218,37.235.1.177,84.200.70.40,1.0.0.1 \
+    -e ADDITIONAL_PORTS=1234 \
     -e DEBUG=false \
     -e WEBUI_PORT=8080 \
     -e UMASK=000 \
@@ -120,6 +122,7 @@ docker run -d \
     -e ENABLE_PRIVOXY=yes \
     -e LAN_NETWORK=192.168.1.0/24 \
     -e NAME_SERVERS=209.222.18.222,84.200.69.80,37.235.1.174,1.1.1.1,209.222.18.218,37.235.1.177,84.200.70.40,1.0.0.1 \
+    -e ADDITIONAL_PORTS=1234 \
     -e DEBUG=false \
     -e WEBUI_PORT=8080 \
     -e UMASK=000 \

build/root/install.sh

@@ -297,6 +297,13 @@ if [[ $VPN_ENABLED == "yes" ]]; then
 		export ENABLE_PRIVOXY="no"
 	fi
 
+	export ADDITIONAL_PORTS=$(echo "${ADDITIONAL_PORTS}" | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')
+	if [[ ! -z "${ADDITIONAL_PORTS}" ]]; then
+			echo "[info] ADDITIONAL_PORTS defined as '${ADDITIONAL_PORTS}'" | ts '%Y-%m-%d %H:%M:%.S'
+	else
+			echo "[info] ADDITIONAL_PORTS not defined (via -e ADDITIONAL_PORTS), skipping allow for custom incoming ports" | ts '%Y-%m-%d %H:%M:%.S'
+	fi
+
 fi
 
 export WEBUI_PORT=$(echo "${WEBUI_PORT}" | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')

run/root/iptable.sh

@@ -92,6 +92,28 @@ iptables -A INPUT -i "${docker_interface}" -p $VPN_PROTOCOL --sport $VPN_PORT -j
 iptables -A INPUT -i "${docker_interface}" -p tcp --dport "${WEBUI_PORT}" -j ACCEPT
 iptables -A INPUT -i "${docker_interface}" -p tcp --sport "${WEBUI_PORT}" -j ACCEPT
 
+# additional port list for scripts or container linking
+if [[ ! -z "${ADDITIONAL_PORTS}" ]]; then
+
+	# split comma separated string into list from ADDITIONAL_PORTS env variable
+	IFS=',' read -ra additional_port_list <<< "${ADDITIONAL_PORTS}"
+
+	# process additional ports in the list
+	for additional_port_item in "${additional_port_list[@]}"; do
+
+		# strip whitespace from start and end of additional_port_item
+		additional_port_item=$(echo "${additional_port_item}" | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')
+
+		echo "[info] Adding additional incoming port ${additional_port_item} for ${docker_interface}"
+
+		# accept input to additional port for "${docker_interface}"
+		iptables -A INPUT -i "${docker_interface}" -p tcp --dport "${additional_port_item}" -j ACCEPT
+		iptables -A INPUT -i "${docker_interface}" -p tcp --sport "${additional_port_item}" -j ACCEPT
+
+	done
+
+fi
+
 # process lan networks in the list
 for lan_network_item in "${lan_network_list[@]}"; do
 
@@ -154,6 +176,28 @@ fi
 iptables -A OUTPUT -o "${docker_interface}" -p tcp --dport "${WEBUI_PORT}" -j ACCEPT
 iptables -A OUTPUT -o "${docker_interface}" -p tcp --sport "${WEBUI_PORT}" -j ACCEPT
 
+# additional port list for scripts or container linking
+if [[ ! -z "${ADDITIONAL_PORTS}" ]]; then
+
+	# split comma separated string into list from ADDITIONAL_PORTS env variable
+	IFS=',' read -ra additional_port_list <<< "${ADDITIONAL_PORTS}"
+
+	# process additional ports in the list
+	for additional_port_item in "${additional_port_list[@]}"; do
+
+		# strip whitespace from start and end of additional_port_item
+		additional_port_item=$(echo "${additional_port_item}" | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')
+
+		echo "[info] Adding additional outgoing port ${additional_port_item} for ${docker_interface}"
+
+		# accept output to additional port for lan interface
+		iptables -A OUTPUT -o "${docker_interface}" -p tcp --dport "${additional_port_item}" -j ACCEPT
+		iptables -A OUTPUT -o "${docker_interface}" -p tcp --sport "${additional_port_item}" -j ACCEPT
+
+	done
+
+fi
+
 # process lan networks in the list
 for lan_network_item in "${lan_network_list[@]}"; do