safebox/firewall_containers
7
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Changing execution order of rules

Browse Source
This commit is contained in:
Gyorgy Berenyi
2022-03-21 10:36:00 +00:00
parent 47eea279ec
commit a4fdb05433
1 changed files with 10 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
firewall/firewall-add
View File

@@ -92,7 +92,8 @@ postrouting() {
debug "$IPTABLES -I POSTROUTING -s $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j MASQUERADE" debug "$IPTABLES -I POSTROUTING -s $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j MASQUERADE"
$IPTABLES -I POSTROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j MASQUERADE $IPTABLES -I POSTROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j MASQUERADE
fi
if [ -n "$TARGET_IP" ] ; then if [ -n "$TARGET_IP" ] ; then
LINES=$($IPTABLES -L --line-number -n | grep $COMMENT | grep $TARGET_IP | grep $TARGET_PORT | awk '{print $1}'| tac) LINES=$($IPTABLES -L --line-number -n | grep $COMMENT | grep $TARGET_IP | grep $TARGET_PORT | awk '{print $1}'| tac)
debug "Previous postrouting lines: "$LINES debug "Previous postrouting lines: "$LINES
@@ -107,6 +108,7 @@ postrouting() {
fi fi
debug "$IPTABLES -I POSTROUTING -s $TARGET_IP -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j MASQUERADE" debug "$IPTABLES -I POSTROUTING -s $TARGET_IP -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j MASQUERADE"
$IPTABLES -I POSTROUTING -d $TARGET_IP -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j MASQUERADE $IPTABLES -I POSTROUTING -d $TARGET_IP -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j MASQUERADE
fi
} }
ip_route() { ip_route() {
@@ -123,6 +125,13 @@ ip_route() {
done done
} }
if [[ "$ROUTE" == "true" ]] ; then
IP_ROUTE="nsenter -t $(docker inspect --format {{.State.Pid}} $NAME) -n -- ip route";
debug "ip_route: "$IP_ROUTE;
ip_route;
fi
COUNT_SOURCE_IP=$(set |grep SOURCE_IP |wc -l) COUNT_SOURCE_IP=$(set |grep SOURCE_IP |wc -l)
COUNT_SOURCE_PORT=$(set |grep SOURCE_PORT |wc -l) COUNT_SOURCE_PORT=$(set |grep SOURCE_PORT |wc -l)
COUNT_TARGET_IP=$(set |grep TARGET_IP |wc -l) COUNT_TARGET_IP=$(set |grep TARGET_IP |wc -l)
@@ -208,9 +217,3 @@ fi
done # source_ip done # source_ip
if [[ "$ROUTE" == "true" ]] ; then
IP_ROUTE="nsenter -t $(docker inspect --format {{.State.Pid}} $NAME) -n -- ip route";
debug "ip_route: "$IP_ROUTE;
ip_route;
fi