Update ufw-docker
This commit is contained in:
Egor Panfilov
Chai Feng
parent
e40bfd517c
commit
1333dcd298
34
ufw-docker
34
ufw-docker
@ -72,11 +72,11 @@ function ufw-docker--allow() {
|
||||
if [[ -z "$INSTANCE_PORT" || "$PORT_PROTO" = "${INSTANCE_PORT}/${PROTO}" ]]; then
|
||||
ITER=0
|
||||
for IP in "${INSTANCE_IP_ADDRESSES[@]}"; do
|
||||
INSTANCE_NETWORK="${INSTANCE_NETWORK_NAMES[$ITER]}"
|
||||
ITER=$((ITER+1))
|
||||
if [[ -n "$NETWORK" ]] && [[ "$NETWORK" != "$INSTANCE_NETWORK" ]]; then
|
||||
continue
|
||||
fi
|
||||
INSTANCE_NETWORK="${INSTANCE_NETWORK_NAMES[$ITER]}"
|
||||
ITER=$((ITER+1))
|
||||
if [[ -n "$NETWORK" ]] && [[ "$NETWORK" != "$INSTANCE_NETWORK" ]]; then
|
||||
continue
|
||||
fi
|
||||
ufw-docker--add-rule "$INSTANCE_NAME" "$IP" "${PORT_PROTO%/*}" "${PORT_PROTO#*/}" "${INSTANCE_NETWORK}"
|
||||
RETVAL="$?"
|
||||
done
|
||||
@ -303,11 +303,11 @@ function on-exit() {
|
||||
trap on-exit EXIT INT TERM QUIT ABRT ERR
|
||||
|
||||
function ufw-docker--check-install() {
|
||||
after_rules_tmp="${after_rules_tmp:-$(mktemp)}"
|
||||
rm-on-exit "$after_rules_tmp"
|
||||
after_rules_tmp="${after_rules_tmp:-$(mktemp)}"
|
||||
rm-on-exit "$after_rules_tmp"
|
||||
|
||||
sed "/^# BEGIN UFW AND DOCKER/,/^# END UFW AND DOCKER/d" "$after_rules" > "$after_rules_tmp"
|
||||
>> "${after_rules_tmp}" cat <<-\EOF
|
||||
sed "/^# BEGIN UFW AND DOCKER/,/^# END UFW AND DOCKER/d" "$after_rules" > "$after_rules_tmp"
|
||||
>> "${after_rules_tmp}" cat <<-\EOF
|
||||
# BEGIN UFW AND DOCKER
|
||||
*filter
|
||||
:ufw-user-forward - [0:0]
|
||||
@ -337,16 +337,16 @@ function ufw-docker--check-install() {
|
||||
# END UFW AND DOCKER
|
||||
EOF
|
||||
|
||||
diff -u --color=auto "$after_rules" "$after_rules_tmp"
|
||||
diff -u --color=auto "$after_rules" "$after_rules_tmp"
|
||||
}
|
||||
|
||||
function ufw-docker--install() {
|
||||
if ! ufw-docker--check-install; then
|
||||
local after_rules_bak
|
||||
local after_rules_bak
|
||||
after_rules_bak="${after_rules}-ufw-docker~$(date '+%Y-%m-%d-%H%M%S')~"
|
||||
err "\\nBacking up $after_rules to $after_rules_bak"
|
||||
cp "$after_rules" "$after_rules_bak"
|
||||
cat "$after_rules_tmp" > "$after_rules"
|
||||
err "\\nBacking up $after_rules to $after_rules_bak"
|
||||
cp "$after_rules" "$after_rules_bak"
|
||||
cat "$after_rules_tmp" > "$after_rules"
|
||||
err "Please restart UFW service manually by using the following command:"
|
||||
if type systemctl &>/dev/null; then
|
||||
err " sudo systemctl restart ufw"
|
||||
@ -357,7 +357,7 @@ function ufw-docker--install() {
|
||||
}
|
||||
|
||||
function ufw-docker--help() {
|
||||
cat <<-EOF >&2
|
||||
cat <<-EOF >&2
|
||||
Usage:
|
||||
ufw-docker <list|allow> [docker-instance-id-or-name [port[/tcp|/udp]] [network]]
|
||||
ufw-docker delete allow [docker-instance-id-or-name [port[/tcp|/udp]] [network]]
|
||||
@ -437,9 +437,9 @@ case "$ufw_action" in
|
||||
if [[ "$INSTANCE_PORT" = */udp ]]; then
|
||||
PROTO=udp
|
||||
fi
|
||||
shift || true
|
||||
shift || true
|
||||
|
||||
NETWORK="${1:-}"
|
||||
NETWORK="${1:-}"
|
||||
|
||||
INSTANCE_PORT="${INSTANCE_PORT%/*}"
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user