frodovdr/csf-post-docker
1
0
Fork 0
mirror of https://github.com/juliengk/csf-post-docker.git synced 2023-10-10 13:37:41 +02:00
Code Issues Releases Wiki Activity

Merge branch 'ian-ozzie-add-ip-binding'

Browse Source
This commit is contained in:
Julien Kassar 2016-04-27 20:30:13 -04:00
commit 350d60b1a9
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docker.sh
View File

@ -53,7 +53,12 @@ if [ `echo ${containers} | wc -c` -gt "1" ] ; then
iptables -A DOCKER -d ${ipaddr}/32 ! -i ${DOCKER_INT} -o ${DOCKER_INT} -p ${dst_proto} -m ${dst_proto} --dport ${dst_port} -j ACCEPT iptables -A DOCKER -d ${ipaddr}/32 ! -i ${DOCKER_INT} -o ${DOCKER_INT} -p ${dst_proto} -m ${dst_proto} --dport ${dst_port} -j ACCEPT
iptables -t nat -A POSTROUTING -s ${ipaddr}/32 -d ${ipaddr}/32 -p ${dst_proto} -m ${dst_proto} --dport ${dst_port} -j MASQUERADE iptables -t nat -A POSTROUTING -s ${ipaddr}/32 -d ${ipaddr}/32 -p ${dst_proto} -m ${dst_proto} --dport ${dst_port} -j MASQUERADE
if [ $src_ip = "0.0.0.0" ] ; then
iptables -t nat -A DOCKER ! -i ${DOCKER_INT} -p ${dst_proto} -m ${dst_proto} --dport ${src_port} -j DNAT --to-destination ${ipaddr}:${dst_port} iptables -t nat -A DOCKER ! -i ${DOCKER_INT} -p ${dst_proto} -m ${dst_proto} --dport ${src_port} -j DNAT --to-destination ${ipaddr}:${dst_port}
else
iptables -t nat -A DOCKER -d ${src_ip}/32 ! -i ${DOCKER_INT} -p ${dst_proto} -m ${dst_proto} --dport ${src_port} -j DNAT --to-destination ${ipaddr}:${dst_port}
fi
done done
fi fi
done done