Initial commit.
This commit is contained in:
20
csf/csfpost.sh
Executable file
20
csf/csfpost.sh
Executable file
@@ -0,0 +1,20 @@
|
||||
#!/bin/sh
|
||||
|
||||
echo "[DOCKER] Setting up FW rules."
|
||||
|
||||
iptables -N DOCKER
|
||||
|
||||
# Masquerade outbound connections from containers
|
||||
iptables -t nat -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
|
||||
|
||||
# Accept established connections to the docker containers
|
||||
iptables -t filter -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
|
||||
# Allow docker containers to communicate with themselves & outside world
|
||||
iptables -t filter -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
|
||||
iptables -t filter -A FORWARD -i docker0 -o docker0 -j ACCEPT
|
||||
|
||||
echo "[DOCKER] Done."
|
||||
|
||||
# restart fail2ban after CSF update (otherwise fail2ban rules won't work)
|
||||
systemctl restart fail2ban >/dev/null 2>&1
|
||||
Reference in New Issue
Block a user