safebox/firewall_containers
7
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Added selector based firewall rules creating

Browse Source
This commit is contained in:
Gyorgy Berenyi
2023-01-25 08:57:27 +00:00
parent 8386c2aa65
commit dac7a093b5
1 changed files with 22 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
firewall/firewall-add
View File

@@ -28,6 +28,10 @@ set | grep TARGET
set | grep ROLES set | grep ROLES
SERVICE_FILES=$SERVICE_FILES SERVICE_FILES=$SERVICE_FILES
HOST_FILE=$HOST_FILE
if [ "$HOST_FILE" == "" ]; then
HOST_FILE="/etc/dns/hosts.local";
fi
RETRIES_NUMBER=$RETRIES_NUMBER RETRIES_NUMBER=$RETRIES_NUMBER
@@ -54,6 +58,18 @@ name_resolver() {
for D in $(echo $DNS); for D in $(echo $DNS);
do do
if [ -z "$STRICK_CHECK" ]; then
# find $D as SELECTOR in hosts file
EXISTS=$(grep -w $D $HOST_FILE);
#EXISTS=$(grep -w "$D-" $HOST_FILE); # TODO?
if [ -n "$EXISTS" ]; then # selector exists in hosts file
APP_IP=$(echo $EXISTS | sed s/$D//g); # remove all selectors
debug "APP_IP: "$APP_IP;
else
debug "no matching APPLICATION NAME found in $HOST_FILE"
fi
else
D=$(echo $D | cut -d "-" -f1) D=$(echo $D | cut -d "-" -f1)
UP=$(docker ps --format '{{.Names}}\t{{.Status}}' | grep Up | awk '{print $1}' | grep $D"-") ; UP=$(docker ps --format '{{.Names}}\t{{.Status}}' | grep Up | awk '{print $1}' | grep $D"-") ;
# filtering for ROLES variables if exists. # filtering for ROLES variables if exists.
@@ -103,10 +119,10 @@ name_resolver() {
else else
debug "no matching running process found" debug "no matching running process found"
fi fi
fi
done; done;
if [ $UP_COUNT -lt $SRV_COUNT ]; then if [[ ! -z "$STRICK_CHECK" && $UP_COUNT -lt $SRV_COUNT ]]; then
if [ "$2" == "" ]; then RETRIES=0; if [ "$2" == "" ]; then RETRIES=0;
else RETRIES=$2; else RETRIES=$2;
fi; fi;
@@ -155,8 +171,8 @@ if [[ -z "$SOURCE_IP" ]]; then
else else
IDX=$(expr 1 + $IDX) IDX=$(expr 1 + $IDX)
if [[ "$(echo $i | cut -d . -f4)" == "0" ]] ; then if [[ "$(echo $i | cut -d . -f4)" == "0" ]] ; then
SOURCE_IP="$SOURCE_IP/24"; SOURCE_IP="$i/24";
eval SOURCE_IP_$IDX="$SOURCE_IP/24"; eval SOURCE_IP_$IDX="$i/24";
debug "source ip is $SOURCE_IP"; debug "source ip is $SOURCE_IP";
else else
eval SOURCE_IP_$IDX=$i; eval SOURCE_IP_$IDX=$i;
@@ -203,8 +219,8 @@ if [[ -z "$TARGET_IP" ]]; then
else else
IDX=$(expr 1 + $IDX) IDX=$(expr 1 + $IDX)
if [[ "$(echo $i | cut -d . -f4)" == "0" ]] ; then if [[ "$(echo $i | cut -d . -f4)" == "0" ]] ; then
TARGET_IP="$TARGET_IP/24"; TARGET_IP="$i/24";
eval TARGET_IP_$IDX="$TARGET_IP/24"; eval TARGET_IP_$IDX="$i/24";
debug "target ip is $TARGET_IP"; debug "target ip is $TARGET_IP";
else else
eval TARGET_IP_$IDX=$i; eval TARGET_IP_$IDX=$i;