-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathfirewall_setup.sh
More file actions
executable file
·32 lines (28 loc) · 973 Bytes
/
firewall_setup.sh
File metadata and controls
executable file
·32 lines (28 loc) · 973 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#!/bin/bash
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root" 1>&2
exit 1
fi
if [ -z "$NIC_NAME" ]; then
NIC_NAME=eth0
fi
if [ -z "$PROXY_PORT"]; then
PROXY_PORT=18000
fi
PROXY_IP=$(ip addr | grep inet | grep ${NIC_NAME} | awk -F" " '{print $2}'| sed -e 's/\/.*$//')
# Drop any traffic to the proxy service that is NOT coming from docker containers
iptables \
-I INPUT \
-p tcp \
--dport ${PROXY_PORT} \
! -i docker0 \
-j DROP
# Redirect any requests from docker containers to the proxy service
iptables \
-t nat \
-I PREROUTING \
-p tcp \
-d 169.254.169.254 --dport 80 \
-j DNAT \
--to-destination ${PROXY_IP}:${PROXY_PORT} \
-i docker0