fickit: Add dexidp on frontend
parent
e48ee589e5
commit
75d288000f
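--- a/configs/dex-templates/templates/header.html
+++ b/configs/dex-templates/templates/header.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+<title>{{ issuer }}</title>
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<link href="{{ url .ReqPath "static/main.css" }}" rel="stylesheet">
+<link href="{{ url .ReqPath "theme/styles.css" }}" rel="stylesheet">
+<link rel="icon" href="{{ url .ReqPath "theme/favicon.png" }}">
+</head>
+
+<body class="theme-body">
+<div class="theme-navbar">
+<div class="theme-navbar__logo-wrap">
+<img class="theme-navbar__logo" src="{{ url .ReqPath logo }}">
+</div>
+<div class="theme-navbar__logo-wrap" style="text-align:right">
+<img class="theme-navbar__logo" src="../../img/epita.png">
+</div>
+</div>
+
+<div class="dex-container">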
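Review bot: The second logo is loaded with `src="../../img/epita.png"`, a path relative to the request URL, whereas every other asset in this template is built with `url .ReqPath`; the image will resolve only on pages at the path depth it was written for (inferred, since Dex's routes are not visible here). Building it the same way as the first logo would keep it stable on every page that includes this header. Both `<img>` elements also lack an `alt` attribute and `<html>` has no `lang`; `alt=""` on the decorative logos and `lang="fr"` on the root element would cover that. The `dex-container` div opened on the last line is presumably closed in footer.html, which is not part of this commit.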
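--- a/configs/dex-templates/templates/login.html
+++ b/configs/dex-templates/templates/login.html
@@ -0,0 +1,21 @@
+{{ template "header.html" . }}
+
+<div class="theme-panel">
+<h2 class="theme-heading">
+Bienvenue au challenge Forensic !
+</h2>
+<div>
+{{ range $c := .Connectors }}
+<div class="theme-form-row">
+<a href="{{ $c.URL }}" target="_self">
+<button class="dex-btn theme-btn-provider">
+<span class="dex-btn-icon dex-btn-icon--{{ $c.Type }}"></span>
+<span class="dex-btn-text">Log in with {{ $c.Name }}</span>
+</button>
+</a>
+</div>
+{{ end }}
+</div>
+</div>
+
+{{ template "footer.html" . }}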
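Review bot: Nothing else on this page references login.html: the `files:` entries and the dexidp `binds:` added further down cover only styles.css, header.html and password.html, so this template looks like it is never installed and Dex would keep serving its stock login page. Either add the matching `files:` and `binds:` entries or drop the file from the commit. Within the template, the `<button>` nested inside `<a href="{{ $c.URL }}">` is invalid HTML (interactive content inside a link); putting the `dex-btn theme-btn-provider` classes on the `<a>` itself gives the same appearance without the nesting.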
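--- a/configs/dex-templates/templates/password.html
+++ b/configs/dex-templates/templates/password.html
@@ -0,0 +1,58 @@
+{{ template "header.html" . }}
+
+<div class="theme-panel">
+<h2 class="theme-heading">
+Bienvenue au challenge Forensic !
+</h2>
+<form method="post" action="{{ .PostURL }}">
+<div class="theme-form-row">
+<div class="theme-form-label">
+<label for="userid">Votre équipe</label>
+</div>
+<select tabindex="1" required id="login" name="login" class="theme-form-input" autofocus>
+<option value="team01">0verfl0wl</option>
+<option value="team02">TeamDLS</option>
+<option value="team03">ESNArcotrafiquants</option>
+<option value="team04">Ingénieur Cyberdéfense</option>
+<option value="team05">StrawHats</option>
+<option value="team06">PoC INNOVATION</option>
+<option value="team07">root42</option>
+<option value="team08">Les Pires Hat</option>
+<option value="team09">Esaip</option>
+<option value="team10">Hack In Provence</option>
+<option value="team11">Sogeti Aces of spades</option>
+<option value="team12">DéfendonsEnsemble</option>
+<option value="team13">Linkbynet Cybersecurity</option>
+<option value="team14">Evil-Minded</option>
+<option value="team15">ID-IoT</option>
+<option value="team16">199</option>
+<option value="team17">Équipe supplémentaire 1</option>
+<option value="team18">Équipe supplémentaire 2</option>
+<option value="team19">Équipe supplémentaire 3</option>
+<option value="team20">Équipe supplémentaire 4</option>
+</select>
+</div>
+<div class="theme-form-row">
+<div class="theme-form-label">
+<label for="password">Mot de passe</label>
+</div>
+<input tabindex="2" required id="password" name="password" type="password" class="theme-form-input" placeholder="mot de passe" {{ if .Invalid }} autofocus {{ end }}/>
+</div>
+
+{{ if .Invalid }}
+<div id="login-error" class="dex-error-box">
+Identifiants incorrects.
+</div>
+{{ end }}
+
+<button tabindex="3" id="submit-login" type="submit" class="dex-btn theme-btn--primary">C'est parti !</button>
+
+</form>
+{{ if .BackLink }}
+<div class="theme-link-back">
+<a class="dex-subtle-text" href="{{ .BackLink }}">Sélectionner une autre méthode d'authentification.</a>
+</div>
+{{ end }}
+</div>
+
+{{ template "footer.html" . }}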
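Review bot: `<label for="userid">` points at an id that does not exist; the select it describes is `id="login"`, so the label is not associated with the control and should read `<label for="login">Votre équipe</label>`. The select carries an unconditional `autofocus` while the password input gains a second one when `.Invalid` is set, so after a failed login two controls claim focus; making the first conditional on `{{ if not .Invalid }}` removes the ambiguity. The positive `tabindex="1"`, `"2"` and `"3"` values only repeat the source order and can be dropped. The twenty `<option>` values are hard-coded and have to stay in step with the `staticPasswords` entries in configs/dex.yaml, which a comment above the select should state.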
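--- a/configs/dex-templates/theme/styles.css
+++ b/configs/dex-templates/theme/styles.css
@@ -0,0 +1,114 @@
+.theme-body {
+background-color: white;
+color: #272b30;
+font-family: system-ui, -apple-system, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", "Liberation Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";
+}
+
+.theme-navbar {
+background-color: #272b30;
+border-bottom: 5px solid #4eaee6;
+color: #333;
+font-size: 13px;
+font-weight: 100;
+overflow: hidden;
+padding: 0 10px;
+display: flex;
+align-items: center;
+justify-content: space-around;
+}
+
+.theme-navbar__logo-wrap {
+display: inline-block;
+overflow: hidden;
+padding: 10px 15px;
+width: 300px;
+}
+
+.theme-navbar__logo {
+height: 90px;
+max-height: 12vh;
+}
+
+.theme-heading {
+font-size: 20px;
+font-weight: 500;
+margin-bottom: 10px;
+margin-top: 0;
+}
+
+.theme-panel {
+background-color: #fff;
+box-shadow: 0 5px 15px rgba(0, 0, 0, 0.5);
+padding: 30px;
+}
+
+.theme-btn-provider {
+background-color: #fff;
+color: #333;
+min-width: 250px;
+}
+
+.theme-btn-provider:hover {
+color: #999;
+}
+
+.theme-btn--primary {
+background-color: #333;
+border: none;
+color: #fff;
+min-width: 200px;
+padding: 6px 12px;
+}
+
+.theme-btn--primary:hover {
+background-color: #666;
+color: #fff;
+}
+
+.theme-btn--success {
+background-color: #2FC98E;
+color: #fff;
+width: 250px;
+}
+
+.theme-btn--success:hover {
+background-color: #49E3A8;
+}
+
+.theme-form-row {
+display: block;
+margin: 20px auto;
+}
+
+.theme-form-input {
+border-radius: 4px;
+border: 1px solid #CCC;
+box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075);
+color: #666;
+display: block;
+font-size: 14px;
+height: 36px;
+line-height: 1.42857143;
+margin: auto;
+padding: 6px 12px;
+width: 250px;
+}
+
+.theme-form-input:focus,
+.theme-form-input:active {
+border-color: #66AFE9;
+outline: none;
+}
+
+.theme-form-label {
+font-size: 13px;
+font-weight: 600;
+margin: 4px auto;
+position: relative;
+text-align: left;
+width: 250px;
+}
+
+.theme-link-back {
+margin-top: 4px;
+}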
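Review bot: The `.theme-form-input:focus, .theme-form-input:active` rule sets `outline: none`, which leaves a 1px border colour change as the only focus indicator on the team selector and password field. Keeping the default outline, or replacing the declaration with `outline: 2px solid #66AFE9;`, keeps keyboard focus visible on the login form. `.theme-btn--success` and its hover rule are not used by any template added in this commit; if no stock Dex template relies on them they can go.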
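--- a/configs/dex.yaml
+++ b/configs/dex.yaml
@@ -0,0 +1,84 @@
+# The base path of Dex and the external name of the OpenID Connect service.
+# This is the canonical URL that all clients MUST use to refer to Dex. If a
+# path is provided, Dex's HTTP service will listen at a non-root URL.
+issuer: https://fic.srs.epita.fr
+
+# The storage configuration determines where dex stores its state. Supported
+# options include SQL flavors and Kubernetes third party resources.
+storage:
+type: sqlite3
+config:
+file: /var/dex/dex.db
+
+# Configuration for the HTTP endpoints.
+web:
+http: 0.0.0.0:5556
+#allowedOrigins: ['*']
+
+# Configuration for dex appearance
+frontend:
+issuer: Challenge forensic
+logoURL: img/fic.png
+dir: /srv/dex/web/
+# theme: light
+
+# Configuration for telemetry
+#telemetry:
+# http: 0.0.0.0:5558
+
+
+
+oauth2:
+#responseTypes: ["code", "token", "id_token"]
+skipApprovalScreen: true
+
+staticClients:
+- id: epita-challenge
+name: Challenge Forensic
+redirectURIs: ['https://fic.srs.epita.fr/challenge_access/auth']
+secret: N4n7AXzK9kpXt3TmSn8wAgtxqxhGORgcubLaE2g
+
+
+enablePasswordDB: true
+
+staticPasswords:
+- email: "team01"
+hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+- email: "team02"
+hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+- email: "team03"
+hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+- email: "team04"
+hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+- email: "team05"
+hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+- email: "team06"
+hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+- email: "team07"
+hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+- email: "team08"
+hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+- email: "team09"
+hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+- email: "team10"
+hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+- email: "team11"
+hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+- email: "team12"
+hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+- email: "team13"
+hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+- email: "team14"
+hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+- email: "team15"
+hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+- email: "team16"
+hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+- email: "team17"
+hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+- email: "team18"
+hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+- email: "team19"
+hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+- email: "team20"
+hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"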
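Review bot: The `secret:` of the `epita-challenge` static client is committed in clear text, and the same value is repeated as `OAUTH_CLIENT_SECRET` in the vouch-proxy service added later in this commit, so anyone with read access to the repository or its history can act as that OIDC client. All twenty `staticPasswords` entries also carry the identical bcrypt `hash:`, which means every team shares one password and any team can sign in as any other until the hashes are replaced. If these are placeholders rewritten at deployment, a comment above each block should say so. Otherwise the secret should be rotated and supplied outside the repository; Dex accepts `secretEnv:` on a static client and `hashFromEnv:` on a static password in recent releases, to be confirmed for the v2.30.0 image used here.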
|
@ -9,6 +9,7 @@
|
||||||
|
|
||||||
172.17.1.2 nginx
|
172.17.1.2 nginx
|
||||||
172.17.1.3 frontend
|
172.17.1.3 frontend
|
||||||
|
172.17.1.4 auth
|
||||||
|
|
||||||
127.0.0.1 localhost
|
127.0.0.1 localhost
|
||||||
::1 localhost ip6-localhost ip6-loopback
|
::1 localhost ip6-localhost ip6-loopback
|
||||||
|
|
|
@ -88,6 +88,17 @@ onboot:
|
||||||
- name: eth0
|
- name: eth0
|
||||||
bindNS:
|
bindNS:
|
||||||
net: /run/netns/sshd
|
net: /run/netns/sshd
|
||||||
|
- name: auth-ip-setup
|
||||||
|
image: linuxkit/ip:b98c32fab9c8997c5d05677af979f05dfcd8b3f1
|
||||||
|
command: ["/bin/sh", "-c", "ip a add 172.17.1.4/24 dev vethin-auth; ip link set vethin-auth up;" ]
|
||||||
|
net: new
|
||||||
|
runtime:
|
||||||
|
interfaces:
|
||||||
|
- name: vethin-auth
|
||||||
|
add: veth
|
||||||
|
peer: veth-auth
|
||||||
|
bindNS:
|
||||||
|
net: /run/netns/auth
|
||||||
- name: bridge-setup
|
- name: bridge-setup
|
||||||
image: linuxkit/ip:b98c32fab9c8997c5d05677af979f05dfcd8b3f1
|
image: linuxkit/ip:b98c32fab9c8997c5d05677af979f05dfcd8b3f1
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.17.1.1/24 dev br0; ip link set veth-nginx master br0; ip link set veth-frontend master br0; ip link set br0 up; ip link set veth-nginx up; ip link set veth-frontend up;" ]
|
command: ["/bin/sh", "-c", "ip a add 172.17.1.1/24 dev br0; ip link set veth-nginx master br0; ip link set veth-frontend master br0; ip link set br0 up; ip link set veth-nginx up; ip link set veth-frontend up;" ]
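Review bot: The new `auth-ip-setup` step creates the pair `vethin-auth`/`veth-auth`, but the `bridge-setup` command that follows is unchanged and still attaches and brings up only `veth-nginx` and `veth-frontend`. Unless `veth-auth` is joined to `br0` somewhere outside this hunk, 172.17.1.4 will not be reachable from the nginx namespace, even though the OUTPUT rules added at the end of this commit allow connections to it on ports 5556 and 9090. The command needs `ip link set veth-auth master br0;` and `ip link set veth-auth up;` alongside the existing pairs.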
|
||||||
|
@ -223,6 +234,37 @@ services:
|
||||||
# - /etc/unbound/unbound.d:/etc/unbound/unbound.d:ro
|
# - /etc/unbound/unbound.d:/etc/unbound/unbound.d:ro
|
||||||
# net: /run/netns/nginx
|
# net: /run/netns/nginx
|
||||||
|
|
||||||
|
- name: dexidp
|
||||||
|
image: ghcr.io/dexidp/dex:v2.30.0
|
||||||
|
net: /run/netns/auth
|
||||||
|
binds:
|
||||||
|
- /etc/hosts:/etc/hosts:ro
|
||||||
|
- /var/lib/fic/pki/shared/dex-config.yaml:/etc/dex/config.docker.yaml:ro
|
||||||
|
- /var/lib/fic/dex:/var/dex
|
||||||
|
- /www/dex-templates/theme/styles.css:/srv/dex/web/themes/light/styles.css
|
||||||
|
- /www/dex-templates/templates/header.html:/srv/dex/web/templates/header.html
|
||||||
|
- /var/lib/fic/pki/shared/dex-password.tpl:/srv/dex/web/templates/password.html
|
||||||
|
- /www/htdocs-frontend/img/fic.png:/srv/dex/web/themes/light/favicon.png
|
||||||
|
runtime:
|
||||||
|
mkdir:
|
||||||
|
- /var/lib/fic/dex
|
||||||
|
- name: vouch-proxy
|
||||||
|
image: quay.io/vouch/vouch-proxy:alpine-0.34
|
||||||
|
env:
|
||||||
|
- VOUCH_ALLOWALLUSERS=true
|
||||||
|
- VOUCH_COOKIE_DOMAIN=fic.srs.epita.fr
|
||||||
|
- VOUCH_DOCUMENT_ROOT=/challenge_access
|
||||||
|
- VOUCH_LOGLEVEL=debug
|
||||||
|
- OAUTH_PROVIDER=oidc
|
||||||
|
- OAUTH_CLIENT_ID=epita-challenge
|
||||||
|
- OAUTH_CLIENT_SECRET=N4n7AXzK9kpXt3TmSn8wAgtxqxhGORgcubLaE2g
|
||||||
|
- OAUTH_CALLBACK_URL=https://fic.srs.epita.fr/challenge_access/auth
|
||||||
|
- OAUTH_AUTH_URL=https://fic.srs.epita.fr/auth
|
||||||
|
- OAUTH_TOKEN_URL=http://127.0.0.1:5556/token
|
||||||
|
- OAUTH_USER_INFO_URL=http://127.0.0.1:5556/userinfo
|
||||||
|
- OAUTH_SCOPES=openid,email
|
||||||
|
net: /run/netns/auth
|
||||||
|
|
||||||
|
|
||||||
files:
|
files:
|
||||||
- path: etc/init.d/015-setup-sshd
|
- path: etc/init.d/015-setup-sshd
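Review bot: `VOUCH_LOGLEVEL=debug` is left on for the vouch-proxy service; debug output from an authentication proxy commonly includes request and token detail, so `VOUCH_LOGLEVEL=info` is the safer value outside a test bench. Both new images are referenced by mutable tag (`ghcr.io/dexidp/dex:v2.30.0`, `quay.io/vouch/vouch-proxy:alpine-0.34`) while the `linuxkit/ip` image in the same file is pinned by hash; pinning these by digest would match that practice. The four template and theme binds of dexidp are mounted read-write, unlike `/etc/hosts` and the config, and can take a trailing `:ro`. `VOUCH_ALLOWALLUSERS=true` accepts any identity Dex issues, which holds only while the static password list is Dex's sole source of accounts.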
|
||||||
|
@ -231,8 +273,11 @@ files:
|
||||||
- path: etc/init.d/016-copy-dex-config
|
- path: etc/init.d/016-copy-dex-config
|
||||||
contents: |
|
contents: |
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
[ -f /var/lib/fic/dex-config.yaml ] || {
|
[ -f /var/lib/fic/pki/shared/dex-config.yaml ] || {
|
||||||
cp /etc/dex/config.auth.yaml /var/lib/fic/dex-config.yaml
|
cp /etc/dex/config.auth.yaml /var/lib/fic/pki/shared/dex-config.yaml
|
||||||
|
}
|
||||||
|
[ -f /var/lib/fic/pki/shared/dex-password.tpl ] || {
|
||||||
|
cp /www/dex-templates/templates/password.html /var/lib/fic/pki/shared/dex-password.tpl
|
||||||
}
|
}
|
||||||
mode: "0555"
|
mode: "0555"
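Review bot: Both guards copy only when the target is absent, so a later image carrying a changed configs/dex.yaml or password.html never replaces the copies persisted under /var/lib/fic/pki/shared, and the script does not say that this is intended. A leading comment such as `# seed once; files already present under pki/shared are kept across image updates` would document it. The Dex config, which holds the client secret and the password hashes, now lands in a directory named `shared`, so it is worth confirming which other services bind that directory. The `cp` results are not checked either, and creation of the target directory is not visible in this hunk, so a failed copy would surface only when dexidp fails to start.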
|
||||||
|
|
||||||
|
@ -273,6 +318,18 @@ files:
|
||||||
source: configs/nginx/get-team/oidc.conf
|
source: configs/nginx/get-team/oidc.conf
|
||||||
mode: "0400"
|
mode: "0400"
|
||||||
|
|
||||||
|
- path: etc/dex/config.auth.yaml
|
||||||
|
source: configs/dex.yaml
|
||||||
|
mode: "0400"
|
||||||
|
- path: www/dex-templates/theme/styles.css
|
||||||
|
source: configs/dex-templates/theme/styles.css
|
||||||
|
mode: "0444"
|
||||||
|
- path: www/dex-templates/templates/header.html
|
||||||
|
source: configs/dex-templates/templates/header.html
|
||||||
|
mode: "0444"
|
||||||
|
- path: www/dex-templates/templates/password.html
|
||||||
|
source: configs/dex-templates/templates/password.html
|
||||||
|
mode: "0444"
|
||||||
|
|
||||||
- path: usr/bin/iptables
|
- path: usr/bin/iptables
|
||||||
source: configs/nsenter_iptables.sh
|
source: configs/nsenter_iptables.sh
|
||||||
|
@ -375,6 +432,8 @@ files:
|
||||||
[0:0] -A OUTPUT -o bond-frontal -p udp -m udp --sport domain -j ACCEPT
|
[0:0] -A OUTPUT -o bond-frontal -p udp -m udp --sport domain -j ACCEPT
|
||||||
[0:0] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
[0:0] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||||
[0:0] -A OUTPUT -o vethin-nginx -d 172.17.1.3 -p tcp -m conntrack --ctstate NEW -m tcp --dport 8080 -j ACCEPT
|
[0:0] -A OUTPUT -o vethin-nginx -d 172.17.1.3 -p tcp -m conntrack --ctstate NEW -m tcp --dport 8080 -j ACCEPT
|
||||||
|
[0:0] -A OUTPUT -o vethin-nginx -d 172.17.1.4 -p tcp -m conntrack --ctstate NEW -m tcp --dport 5556 -j ACCEPT
|
||||||
|
[0:0] -A OUTPUT -o vethin-nginx -d 172.17.1.4 -p tcp -m conntrack --ctstate NEW -m tcp --dport 9090 -j ACCEPT
|
||||||
[0:0] -A OUTPUT -o internet -j ACCEPT
|
[0:0] -A OUTPUT -o internet -j ACCEPT
|
||||||
[0:0] -A OUTPUT -j LOG
|
[0:0] -A OUTPUT -j LOG
|
||||||
[0:0] -A OUTPUT -j REJECT
|
[0:0] -A OUTPUT -j REJECT
|
||||||
|
|