frodovdr/csf-post-docker
1
0
Fork 0
mirror of https://github.com/juliengk/csf-post-docker.git synced 2023-10-10 11:37:41 +00:00
Code Issues Releases Wiki Activity

Refactor one iptables rule

Browse Source
This commit is contained in:
Julien Kassar
2016-11-01 17:46:17 -04:00
parent 26b38436db
commit 4c4fa1fe63
1 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
docker.sh
View File

@@ -70,9 +70,9 @@ if [ `echo ${containers} | wc -c` -gt "1" ]; then
add_to_docker_isolation ${DOCKER_NET_INT} ${DOCKER_INT} add_to_docker_isolation ${DOCKER_NET_INT} ${DOCKER_INT}
for net in `docker network ls | awk '{ print $2 }' | grep -Ev "bridge|host|null|ID|${netmode}"`; do for net in `docker network ls | awk '{ print $2 }' | grep -Ev "bridge|host|null|ID|${netmode}"`; do
DINT="br-$(docker network inspect -f '{{.Id}}' ${net} | cut -c -12)" dint="br-$(docker network inspect -f '{{.Id}}' ${net} | cut -c -12)"
add_to_docker_isolation ${DOCKER_NET_INT} ${DINT} add_to_docker_isolation ${DOCKER_NET_INT} ${dint}
done done
add_to_forward ${DOCKER_NET_INT} add_to_forward ${DOCKER_NET_INT}
@@ -100,11 +100,11 @@ if [ `echo ${containers} | wc -c` -gt "1" ]; then
iptables -t nat -A POSTROUTING -s ${ipaddr}/32 -d ${ipaddr}/32 -p ${dst_proto} -m ${dst_proto} --dport ${dst_port} -j MASQUERADE iptables -t nat -A POSTROUTING -s ${ipaddr}/32 -d ${ipaddr}/32 -p ${dst_proto} -m ${dst_proto} --dport ${dst_port} -j MASQUERADE
if [ $src_ip == "0.0.0.0" ]; then iptables_opt_src=""
iptables -t nat -A DOCKER ! -i ${DOCKER_NET_INT} -p ${dst_proto} -m ${dst_proto} --dport ${src_port} -j DNAT --to-destination ${ipaddr}:${dst_port} if [ ${src_ip} != "0.0.0.0" ]; then
else iptables_opt_src="-d ${src_ip}/32 "
iptables -t nat -A DOCKER -d ${src_ip}/32 ! -i ${DOCKER_NET_INT} -p ${dst_proto} -m ${dst_proto} --dport ${src_port} -j DNAT --to-destination ${ipaddr}:${dst_port}
fi fi
iptables -t nat -A DOCKER ${iptables_opt_src}! -i ${DOCKER_NET_INT} -p ${dst_proto} -m ${dst_proto} --dport ${src_port} -j DNAT --to-destination ${ipaddr}:${dst_port}
done done
fi fi
done done