commit 9199bf94b7aa63d4c066d6d6a450837acc16d8cd Author: gyurix Date: Mon Dec 7 14:18:32 2020 +0000 Build files and executables for firewall containers
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..a9327a9
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,4 @@
+FROM firewall:latest
+MAINTAINER gyurix
+COPY firewall /firewall
+ENTRYPOINT ["/firewall/firewall-add"]
diff --git a/firewall/firewall-add b/firewall/firewall-add
new file mode 100755
index 0000000..74d23f8
--- /dev/null
+++ b/firewall/firewall-add
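Review bot: `FROM firewall:latest` pins nothing, so two builds of this Dockerfile can yield different images and the base layer cannot be reproduced or audited later; pin a version tag, ideally with a digest (`FROM firewall:<TAG>@sha256:<DIGEST>`, placeholder values). `MAINTAINER` is deprecated in favour of `LABEL maintainer="gyurix"`. The entrypoint script writes `/proc/sys/net/ipv4/ip_forward` and calls iptables, so the container only works with `NET_ADMIN` and a writable sysctl (`--cap-add NET_ADMIN` plus `--sysctl net.ipv4.ip_forward=1`, or `--privileged`); a comment in the Dockerfile stating that runtime requirement would save users a confusing failure at first start.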
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+CHAIN=$CHAIN
+COMMENT=$COMMENT
+PROTOCOL=$TYPE
+
+##############################
+
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
+##############################
+
+#
+if /sbin/iptables-legacy --list $CHAIN |grep ESTABLISHED |grep RELATED|grep ACCEPT ;
+ then : ;
+ else /sbin/iptables-legacy -I $CHAIN -m state --state established,related -j ACCEPT;
+fi
+
+###############################
+
+COUNT=1
+
+COUNT_SOURCE_IP=$(set |grep SOURCE_IP |wc -l)
+COUNT_TARGET_IP=$(set |grep TARGET_IP |wc -l)
+COUNT_TARGET_PORT=$(set |grep TARGET_PORT |wc -l)
+
+if [[ $COUNT_SOURCE_IP -ge $COUNT_TARGET_IP ]] ; then
+ if [[ $COUNT_SOURCE_IP -ge $COUNT_TARGET_PORT ]] ; then
+ COUNT=$COUNT_SOURCE_IP
+ else
+ if [[ $COUNT_TARGET_IP -ge $COUNT_TARGET_PORT ]] ; then
+ COUNT=$COUNT_TARGET_IP
+ else
+ COUNT=$COUNT_TARGET_PORT
+ fi
+ fi
+else # not ge
+ if [[ $COUNT_TARGET_IP -ge $COUNT_TARGET_PORT ]] ; then
+ COUNT=$COUNT_TARGET_IP
+ else
+ COUNT=$COUNT_TARGET_PORT
+ fi
+fi
+
+for i in $(seq 1 $COUNT) ; do
+
+ if set |grep SOURCE_IP_ ; then
+ SOURCE_IP=$(eval "echo \${"SOURCE_IP_$i"}")
+ fi
+ if set |grep TARGET_IP_ ; then
+ TARGET_IP=$(eval "echo \${"TARGET_IP_$i"}")
+ fi
+ if set |grep TARGET_PORT_ ; then
+ TARGET_PORT=$(eval "echo \${"TARGET_PORT_$i"}")
+ fi
+
+ # DELETE UNECESSARY LINES FROM PREVIOUS RULES
+ LINES=$(/sbin/iptables-legacy --line-number -n --list $CHAIN | grep "$SOURCE_IP |grep $TARGET_IP |grep $PROTOCOL |grep $TARGET_PORT" | awk '{print $1}')
+
+ if [ -n "$LINES" ] ; then
+ for n in $(seq 1 $LINES); do
+ /sbin/iptables-legacy -D --list $CHAIN $n
+ sleep 0.1
+ done
+ fi
+
+ # CREATE PORT FORWARD RULES
+ /sbin/iptables-legacy -I $CHAIN -s $SOURCE_IP -d $TARGET_IP -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j ACCEPT
+
+done
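Review bot: The stale-rule cleanup under `# DELETE UNECESSARY LINES FROM PREVIOUS RULES` can never match: the double quote opened before `$SOURCE_IP` runs to the end of the pipeline, so the whole `|grep $TARGET_IP |grep $PROTOCOL |grep $TARGET_PORT` text becomes one grep pattern, `LINES` stays empty, and every container start prepends one more duplicate ACCEPT rule to `$CHAIN`. Even with a match, `for n in $(seq 1 $LINES)` would delete rules 1..N instead of the matched numbers (and shift the remaining numbers after each deletion), and `iptables-legacy -D --list $CHAIN $n` is not a valid delete invocation; the rewrite below matches each field separately, keeps only numeric rule numbers, deletes highest first so the rest stay valid, and quotes the expansions. Separately, the script is `#!/bin/sh` but uses `[[ ... ]]`, which dash/ash do not provide, so under those shells every such test fails and takes its else branch; switch the shebang to bash or use `[ "$COUNT_SOURCE_IP" -ge "$COUNT_TARGET_IP" ]`. Since `SOURCE_IP`, `TARGET_IP`, `TARGET_PORT` and `COMMENT` are taken from the container environment, the final `iptables-legacy -I` line should quote them as well and check that they look like an address/port before they reach iptables, otherwise an empty value silently shifts the argument list. The `if set |grep SOURCE_IP_` checks also print every matching variable to stdout on each iteration, which fills the container log with environment contents; `grep -q` gives the same test silently.
```shell
 # DELETE UNECESSARY LINES FROM PREVIOUS RULES
 # Match each field on its own, keep only numeric rule numbers, and delete
 # from the highest number down so earlier deletions do not renumber the rest.
 LINES=$(/sbin/iptables-legacy --line-numbers -n --list "$CHAIN" \
   | grep -F -- "$SOURCE_IP" | grep -F -- "$TARGET_IP" \
   | grep -F -- "$PROTOCOL" | grep -F -- "dpt:$TARGET_PORT" \
   | awk '$1 ~ /^[0-9]+$/ {print $1}' | sort -rn)
 for n in $LINES; do
   /sbin/iptables-legacy -D "$CHAIN" "$n"
 done

 # … unchanged: CREATE PORT FORWARD RULES …
```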