diff --git a/Dockerfile b/Dockerfile
index 41c7da9..f34dd2c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,6 +18,6 @@ COPY ./src ./src
 RUN cargo build --release
 FROM debian:bullseye-slim
-RUN apt-get update && apt-get install -y libssl1.1
+RUN apt-get update && apt-get install -y libssl1.1 iptables
 COPY --from=builder /srv/target/release/diplonat /usr/local/sbin/diplonat
 CMD ["/usr/local/sbin/diplonat"]
diff --git a/README.md b/README.md
index 518061b..3fb0f52 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ Diplonat
 ## Feature set
 * [X] (Re)Configure NAT via UPNP/IGD (prio: high)
- * [ ] (Re)Configure nftable (prio: low)
+ * [X] (Re)Configure iptables (prio: low)
 * [ ] (Re)Configure DNS via ??? (prio: low)
 ## Understand scope
@@ -17,11 +17,24 @@ Diplonat
 ## Operate
+You need to add the following to your nomad config file :
+
+```
+client {
+ [...]
+
+ options {
+ docker.privileged.enabled = "true"
+ }
+}
+```
+
+
 ```bash
 cargo build
 consul agent -dev # in a separate terminal
-# adapt following values to your configuratio
+# adapt following values to your configuration
 export DIPLONAT_PRIVATE_IP="192.168.0.18"
 export DIPLONAT_REFRESH_TIME="60"
 export DIPLONAT_EXPIRATION_TIME="300"
diff --git a/src/fw.rs b/src/fw.rs
index 955425a..42ce73a 100644
--- a/src/fw.rs
+++ b/src/fw.rs
@@ -73,15 +73,3 @@ pub fn cleanup(ipt: &iptables::IPTables) -> Result<(), FirewallError> {
 Ok(())
 }
-/*
-fn main() {
- let ipt = iptables::new(false).unwrap();
- setup(&ipt);
-
- let mut test: HashSet = HashSet::new();
- test.insert(Port { proto: String::from("tcp"), number: 443 });
- let a = get_opened_ports(&ipt);
- let l = test.difference(&a).collect::>();
- println!("{:?}", l);
-}
-*/
diff --git a/src/fw_actor.rs b/src/fw_actor.rs
index 9bc6610..0ef08eb 100644
--- a/src/fw_actor.rs
+++ b/src/fw_actor.rs
@@ -78,3 +78,4 @@ impl FirewallActor {
 }
 }
+
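Review bot: The runtime stage of the Dockerfile now ships `iptables`, but the only privilege model this commit offers for it is full privileged mode, since the README hunk tells operators to set `docker.privileged.enabled = "true"` on the Nomad client. A privileged container receives every capability and access to host devices, whereas iptables typically needs only `CAP_NET_ADMIN` (and in some setups `CAP_NET_RAW`), so it is worth checking whether the job can run with `cap_add = ["NET_ADMIN"]` and documenting that narrower grant instead. On the install line itself, `apt-get install -y --no-install-recommends libssl1.1 iptables && rm -rf /var/lib/apt/lists/*` would keep the new package from pulling recommended extras into an image that will run with elevated network rights. The builder stage starts outside this hunk, so only the final stage is covered by this note.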