Introducing name resolution service instead of IP addresses
@@ -16,8 +16,8 @@ POSTROUTING=$POSTROUTING
|
||||
# Mandatory task variables
|
||||
CHAIN=$CHAIN
|
||||
NAME=$NAME
|
||||
COMMENT=$COMMENT
|
||||
NAME=$NAME-$COMMENT
|
||||
COMMENT="-$COMMENT"
|
||||
NAME=$NAME$COMMENT
|
||||
PROTOCOL=$TYPE
|
||||
|
||||
EXTRA_OPTIONS="$2 $3 $4"
|
||||
@@ -27,6 +27,37 @@ EXTRA_OPTIONS="$2 $3 $4"
|
||||
DEBUG=1
|
||||
fi;
|
||||
|
||||
# finding IPv4 addresses from application names.
|
||||
name_resolver() {
|
||||
|
||||
local DNS_IP
|
||||
local DNS=$1
|
||||
APP_IP=""
|
||||
|
||||
echo "DNS: "$DNS;
|
||||
|
||||
for D in $(echo $DNS);
|
||||
do
|
||||
|
||||
UP=$(docker ps --format '{{.Names}}\t{{.Status}}' | grep Up | awk '{print $1}' | grep $D"-") ;
|
||||
# filtering for ROLES variables if exists.
|
||||
if [[ "$ROLES" != "null" && ! -z "$ROLES" ]]; then
|
||||
UP=$(grep $ROLES $(docker $UP -f '{{.Config.Labels.roles}}'));
|
||||
fi
|
||||
|
||||
if [ ! -z "$UP" ] ; then
|
||||
for D_IP in `echo $UP` ;
|
||||
do
|
||||
DNS_IP=$(docker inspect $D_IP -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}');
|
||||
APP_IP="$APP_IP $DNS_IP";
|
||||
echo "APP_IP: "$APP_IP;
|
||||
done
|
||||
else
|
||||
debug "no matching running process found"
|
||||
fi
|
||||
|
||||
done;
|
||||
}
|
||||
|
||||
if [[ -z "$TYPE" ]]; then
|
||||
TYPE="tcp"
|
||||
@@ -37,19 +68,50 @@ if [[ -z "$SOURCE_IP" ]]; then
|
||||
|
||||
elif [[ "$(echo $SOURCE_IP | cut -d . -f4)" == "0" ]] ; then
|
||||
SOURCE_IP="$SOURCE_IP/24";
|
||||
debug "source ip is $SOURCE_IP"
|
||||
debug "source ip is $SOURCE_IP";
|
||||
fi
|
||||
|
||||
if [[ "$SOURCE_APP" != *"."* ]]; then
|
||||
name_resolver $SOURCE_APP;
|
||||
debug "source ip is $APP_IP";
|
||||
IDX=0
|
||||
for IP in $(echo $APP_IP); do
|
||||
IDX=$(expr 1 + $IDX)
|
||||
if [ $IDX = 1 ]; then
|
||||
SOURCE_IP=$IP
|
||||
else
|
||||
eval SOURCE_IP_$IDX=$IP;
|
||||
fi;
|
||||
done;
|
||||
|
||||
# Modifying source or target IP addresses if POSTROUTING rules needed to applied
|
||||
fi;
|
||||
|
||||
|
||||
if [[ -z "$TARGET_IP" ]]; then
|
||||
TARGET_IP="0.0.0.0/0";
|
||||
|
||||
elif [[ "$(echo $TARGET_IP | cut -d . -f4)" == "0" ]] ; then
|
||||
TARGET_IP="$TARGET_IP/24";
|
||||
debug "target ip is $TARGET_IP"
|
||||
debug "target ip is $TARGET_IP";
|
||||
fi
|
||||
|
||||
if [[ "$TARGET_APP" != *"."* ]]; then
|
||||
name_resolver $TARGET_APP;
|
||||
debug "target ip is $APP_IP";
|
||||
IDX=0
|
||||
for IP in $(echo $APP_IP); do
|
||||
IDX=$(expr 1 + $IDX)
|
||||
if [ $IDX = 1 ]; then
|
||||
TARGET_IP=$IP;
|
||||
else
|
||||
eval TARGET_IP_$IDX=$IP;
|
||||
fi;
|
||||
done;
|
||||
fi;
|
||||
|
||||
set | grep SOURCE
|
||||
set | grep TARGET
|
||||
|
||||
prerouting() {
|
||||
LINES=$($IPTABLES -L --line-number -n | grep DNAT | grep $SOURCE_PORT |grep $TARGET_IP |grep $TARGET_PORT |grep $COMMENT | awk '{print $1}'| tac)
|
||||
@@ -132,7 +194,6 @@ ip_route() {
|
||||
if [[ "$ROUTE" == "true" ]] ; then
|
||||
IP_ROUTE="nsenter -t $(docker inspect --format {{.State.Pid}} $NAME) -n -- ip route";
|
||||
|
||||
debug "ip_route: "$IP_ROUTE;
|
||||
ip_route;
|
||||
exit;
|
||||
fi
|
||||
|
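Review bot: The ROLES filter inside `name_resolver` cannot work as written: `UP=$(grep $ROLES $(docker $UP -f '{{.Config.Labels.roles}}'))` invokes `docker` without the `inspect` subcommand, and the inner substitution's output is handed to `grep` as file names rather than as the text to search, so when ROLES is set the match either errors out or greps the wrong thing. Below is a rewrite that inspects each matched container's roles label and keeps only the matching names; it also changes the name match on the line above to `grep -- "${D}-"` so an application name starting with `-` or containing regex metacharacters is not reinterpreted by grep (this assumes `docker ps` emits one name per line, as the `{{.Names}}` format suggests). In the next hunk, `eval SOURCE_IP_$IDX=$IP` and `eval TARGET_IP_$IDX=$IP` evaluate container-derived text as shell code and can be replaced with `declare "SOURCE_IP_$IDX=$IP"` / `declare "TARGET_IP_$IDX=$IP"`. The `set | grep SOURCE` and `set | grep TARGET` lines there dump every shell variable whose name or value contains those words, including anything sensitive in the environment, to stdout; they read as leftover debugging and should be removed or routed through `debug`.
```shell
UP=$(docker ps --format '{{.Names}}\t{{.Status}}' | grep Up | awk '{print $1}' | grep -- "${D}-")
# filtering for ROLES variables if exists.
if [[ "$ROLES" != "null" && -n "$ROLES" ]]; then
  FILTERED=""
  for C in $UP; do
    if docker inspect -f '{{.Config.Labels.roles}}' "$C" | grep -q -- "$ROLES"; then
      FILTERED="$FILTERED $C"
    fi
  done
  UP=$FILTERED
fi
# … unchanged: IP collection loop over $UP …
```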