bogdan/zira-etc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
63cea6f394fd2f148319fc45e9b3c47fcdf2591b
zira-etc/csf/csfpost.sh

25 lines
748 B
Bash
Executable File
Raw Blame History

#!/bin/sh
echo "[DOCKER] Setting up FW rules."
iptables -N DOCKER
# Masquerade outbound connections from containers
iptables -t nat -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
# Accept established connections to the docker containers
iptables -t filter -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Allow docker containers to communicate with themselves & outside world
iptables -t filter -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
iptables -t filter -A FORWARD -i docker0 -o docker0 -j ACCEPT
echo "[DOCKER] Done."
# restart docker
systemctl restart docker >/dev/null 2>&1
# restart fail2ban after CSF update (otherwise fail2ban rules won't work)
systemctl restart fail2ban >/dev/null 2>&1
Reference in New Issue View Git Blame Copy Permalink