Automatically manage firewall rules (iptables) for services #1
4 changed files with 17 additions and 15 deletions
|
@ -18,6 +18,6 @@ COPY ./src ./src
|
||||||
RUN cargo build --release
|
RUN cargo build --release
|
||||||
|
|
||||||
FROM debian:bullseye-slim
|
FROM debian:bullseye-slim
|
||||||
RUN apt-get update && apt-get install -y libssl1.1
|
RUN apt-get update && apt-get install -y libssl1.1 iptables
|
||||||
COPY --from=builder /srv/target/release/diplonat /usr/local/sbin/diplonat
|
COPY --from=builder /srv/target/release/diplonat /usr/local/sbin/diplonat
|
||||||
CMD ["/usr/local/sbin/diplonat"]
|
CMD ["/usr/local/sbin/diplonat"]
|
||||||
|
|
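Review bot: The `apt-get install -y libssl1.1 iptables` line in the runtime stage pulls in recommended packages and leaves `/var/lib/apt/lists` in the final image, which grows the image and its patch surface without helping diplonat. A tighter form on the same line is `RUN apt-get update && apt-get install -y --no-install-recommends libssl1.1 iptables && rm -rf /var/lib/apt/lists/*`. Separately, bullseye's `iptables` package selects the nft backend by default through update-alternatives, and since this PR appears to program the host's netfilter from inside the container, rules written with one backend may not be visible to host tooling using the other; a short comment here stating which backend the host is expected to run, or an explicit `update-alternatives --set iptables /usr/sbin/iptables-legacy` when the host is legacy, would save an operator a confusing debugging session. Both points are inferred from the package name and the PR's intent rather than from anything else in this hunk.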
17
README.md
17
README.md
|
@ -4,7 +4,7 @@ Diplonat
|
||||||
## Feature set
|
## Feature set
|
||||||
|
|
||||||
* [X] (Re)Configure NAT via UPNP/IGD (prio: high)
|
* [X] (Re)Configure NAT via UPNP/IGD (prio: high)
|
||||||
* [ ] (Re)Configure nftable (prio: low)
|
* [X] (Re)Configure iptables (prio: low)
|
||||||
* [ ] (Re)Configure DNS via ??? (prio: low)
|
* [ ] (Re)Configure DNS via ??? (prio: low)
|
||||||
|
|
||||||
## Understand scope
|
## Understand scope
|
||||||
|
@ -17,11 +17,24 @@ Diplonat
|
||||||
|
|
||||||
## Operate
|
## Operate
|
||||||
|
|
||||||
|
You need to add the following to your nomad config file :
|
||||||
|
|
||||||
|
```
|
||||||
|
client {
|
||||||
|
[...]
|
||||||
|
|
||||||
|
options {
|
||||||
|
docker.privileged.enabled = "true"
|
||||||
|
|||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
cargo build
|
cargo build
|
||||||
consul agent -dev # in a separate terminal
|
consul agent -dev # in a separate terminal
|
||||||
|
|
||||||
# adapt following values to your configuratio
|
# adapt following values to your configuration
|
||||||
export DIPLONAT_PRIVATE_IP="192.168.0.18"
|
export DIPLONAT_PRIVATE_IP="192.168.0.18"
|
||||||
export DIPLONAT_REFRESH_TIME="60"
|
export DIPLONAT_REFRESH_TIME="60"
|
||||||
export DIPLONAT_EXPIRATION_TIME="300"
|
export DIPLONAT_EXPIRATION_TIME="300"
|
||||||
|
|
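--- a/src/fw.rs
+++ b/src/fw.rs
@@ -73,15 +73,3 @@ pub fn cleanup(ipt: &iptables::IPTables) -> Result<(), FirewallError> {
 Ok(())
 }
 
-/*
-fn main() {
-let ipt = iptables::new(false).unwrap();
-setup(&ipt);
-
-let mut test: HashSet<Port> = HashSet::new();
-test.insert(Port { proto: String::from("tcp"), number: 443 });
-let a = get_opened_ports(&ipt);
-let l = test.difference(&a).collect::<Vec<&Port>>();
-println!("{:?}", l);
-}
-*/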
|
@ -78,3 +78,4 @@ impl FirewallActor {
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Uuuuh nicely spotted, I did not think of it but it makes sense :)
Thanks for testing the whole pipeline!