From 9434deba10200c428ee66b4c44baa9432e590134 Mon Sep 17 00:00:00 2001
From: Marc Barry <4965634+marc-barry@users.noreply.github.com>
Date: Wed, 15 Nov 2023 14:58:00 -0500
Subject: [PATCH 1/3] Accept all RFC 1918 address blocks (by default).

---
 docker-entrypoint.sh | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index e8b1c2e..228cf20 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -25,12 +25,13 @@ fi
 DEFAULT_ACCEPT_UIDS="1010" # Default UID of Qtap
 DEFAULT_ACCEPT_GIDS="1010" # Default GID of Qtap
 DEFAULT_PORT_MAPPING="10080:80,10443:443,10000:"
+DEFAULT_ACCEPT_BLOCKS="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" # RFC 1918 address blocks
 
-# Set default values for ACCEPT_UIDS and ACCEPT_GIDS if they are not provided
+# Set default values if they are not provided
 ACCEPT_UIDS="${ACCEPT_UIDS:-$DEFAULT_ACCEPT_UIDS}"
 ACCEPT_GIDS="${ACCEPT_GIDS:-$DEFAULT_ACCEPT_GIDS}"
-
 PORT_MAPPING="${PORT_MAPPING:-$DEFAULT_PORT_MAPPING}"
+ACCEPT_BLOCKS="${ACCEPT_BLOCKS:-$DEFAULT_ACCEPT_BLOCKS}"
 
 apply_rules() {
   local TO_PORT="$1"
@@ -61,6 +62,12 @@ apply_rules() {
   fi
 }
 
+# Apply rules for each block
+IFS=',' read -ra BLOCKS <<< "$ACCEPT_BLOCKS"
+for BLOCK in "${BLOCKS[@]}"; do
+  iptables -t nat -A OUTPUT -p tcp -d "$BLOCK" -j ACCEPT
+done
+
 IFS=',' read -ra MAPPINGS <<< "$PORT_MAPPING"
 for MAPPING in "${MAPPINGS[@]}"; do
   IFS=':' read -ra PORTS <<< "$MAPPING"

From 1cba54d9a0d0be81430476ce4665ed0fd4ce166f Mon Sep 17 00:00:00 2001
From: Marc Barry <4965634+marc-barry@users.noreply.github.com>
Date: Wed, 15 Nov 2023 18:11:37 -0500
Subject: [PATCH 2/3] Log environment variables.

---
 docker-entrypoint.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 228cf20..7406cc3 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
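Review bot: With `ACCEPT_BLOCKS="${ACCEPT_BLOCKS:-$DEFAULT_ACCEPT_BLOCKS}"` an operator who sets `ACCEPT_BLOCKS=` to the empty string gets the RFC 1918 default back, so once this ships there is no way to turn the private-range bypass off from the environment. If opting out is meant to be possible, use the unset-only form `ACCEPT_BLOCKS="${ACCEPT_BLOCKS-$DEFAULT_ACCEPT_BLOCKS}"` and have the loop in the second hunk skip empty entries; otherwise the comment should say the bypass cannot be disabled. The trailing comment on DEFAULT_ACCEPT_BLOCKS names the ranges but not their effect; suggest `# RFC 1918 blocks: TCP to these destinations is ACCEPTed in nat OUTPUT, i.e. not redirected to Qtap`. As far as the hunk shows nothing was exempted before, so the new default changes which destinations existing deployments tap and deserves a line in the image's documentation.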
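Review bot: The exit status of `iptables -t nat -A OUTPUT -p tcp -d "$BLOCK" -j ACCEPT` is ignored, so a malformed entry in ACCEPT_BLOCKS (split on commas, never validated) leaves the container running with a partial rule set and only iptables' own stderr line to show for it; whether `set -e` is in force is outside this hunk. Make the failure explicit and attributable: `iptables -t nat -A OUTPUT -p tcp -d "$BLOCK" -j ACCEPT || { printf 'invalid ACCEPT_BLOCKS entry: %s\n' "$BLOCK" >&2; exit 1; }`. The ACCEPT rules are appended before the PORT_MAPPING loop runs, so presumably they take precedence over whatever apply_rules adds for the same chain; the `# Apply rules for each block` comment should record that the ordering is deliberate, e.g. `# Must precede the port-mapping rules: the first matching rule in nat OUTPUT wins`.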
@@ -33,6 +33,12 @@ ACCEPT_GIDS="${ACCEPT_GIDS:-$DEFAULT_ACCEPT_GIDS}"
 PORT_MAPPING="${PORT_MAPPING:-$DEFAULT_PORT_MAPPING}"
 ACCEPT_BLOCKS="${ACCEPT_BLOCKS:-$DEFAULT_ACCEPT_BLOCKS}"
 
+echo "ACCEPT_UIDS: $ACCEPT_UIDS"
+echo "ACCEPT_GIDS: $ACCEPT_GIDS"
+echo "PORT_MAPPING: $PORT_MAPPING"
+echo "ACCEPT_BLOCKS: $ACCEPT_BLOCKS"
+
+
 apply_rules() {
   local TO_PORT="$1"
   local DEST_PORT="$2"

From f782f8919fd284e9c9cdc0c2bfa686493e857469 Mon Sep 17 00:00:00 2001
From: Marc Barry <4965634+marc-barry@users.noreply.github.com>
Date: Wed, 15 Nov 2023 21:17:05 -0500
Subject: [PATCH 3/3] Log formatting.

---
 docker-entrypoint.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 7406cc3..5419688 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -33,11 +33,12 @@ ACCEPT_GIDS="${ACCEPT_GIDS:-$DEFAULT_ACCEPT_GIDS}"
 PORT_MAPPING="${PORT_MAPPING:-$DEFAULT_PORT_MAPPING}"
 ACCEPT_BLOCKS="${ACCEPT_BLOCKS:-$DEFAULT_ACCEPT_BLOCKS}"
 
+echo "----->"
 echo "ACCEPT_UIDS: $ACCEPT_UIDS"
 echo "ACCEPT_GIDS: $ACCEPT_GIDS"
 echo "PORT_MAPPING: $PORT_MAPPING"
 echo "ACCEPT_BLOCKS: $ACCEPT_BLOCKS"
-
+echo "<-----"
 
 apply_rules() {
   local TO_PORT="$1"
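Review bot: The four `echo` lines write the effective configuration to stdout, which in an entrypoint is normally the log stream of the process it goes on to run, and nothing identifies them as entrypoint output. Sending them to stderr with a fixed prefix keeps them out of anything that consumes the main program's stdout and makes them easy to find, e.g. `printf 'entrypoint: ACCEPT_UIDS=%s\n' "$ACCEPT_UIDS" >&2` for each variable; the `----->`/`<-----` markers added in patch 3/3 on this line then become unnecessary. What the script executes after these lines is outside the hunk. The two bare `+` blank lines are later reduced to one by patch 3/3; squashing the two patches would avoid the churn.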