fickit: Allow remote-sync IP in firewall
This commit is contained in:
parent
3f0e0536b9
commit
b4ec736948
2 changed files with 8 additions and 3 deletions
|
|
@ -121,10 +121,11 @@ onboot:
|
|||
|
||||
- name: firewall-frontal
|
||||
image: linuxkit/ip:v1.0.0
|
||||
command: ["/bin/bash", "-c", "/sbin/iptables-restore < /etc/iptables/rules-frontal.v4; /sbin/ip6tables-restore < /etc/iptables/rules.v6" ]
|
||||
command: ["/bin/bash", "-c", "/sbin/iptables-restore < /etc/iptables/rules-frontal.v4; /sbin/ip6tables-restore < /etc/iptables/rules.v6; [ -f /run/config/remote_sync/destination ] && /sbin/iptables -I OUTPUT 7 -o bond-frontal -d $(cat /run/config/remote_sync/destination | tr -d '\n') -p tcp -m tcp --dport https -J ACCEPT;" ]
|
||||
binds:
|
||||
- /etc/iptables/rules-frontal.v4:/etc/iptables/rules-frontal.v4:ro
|
||||
- /etc/iptables/rules.v6:/etc/iptables/rules.v6:ro
|
||||
- /run/config/remote_sync/:/run/config/remote_sync/:ro
|
||||
net: /run/netns/nginx
|
||||
- name: firewall-sshd
|
||||
image: linuxkit/ip:v1.0.0
|
||||
|
|
@ -468,7 +469,6 @@ files:
|
|||
[0:0] -A OUTPUT -o bond-frontal -p udp -m udp --sport domain -j ACCEPT
|
||||
[0:0] -A OUTPUT -o bond-frontal -d 9.9.9.9 -p udp -m udp --dport domain -j ACCEPT
|
||||
[0:0] -A OUTPUT -o bond-frontal -d 9.9.9.9 -p tcp -m tcp --dport domain -j ACCEPT
|
||||
[0:0] -A OUTPUT -o bond-frontal -d 94.23.5.143 -p tcp -m tcp --dport https -j ACCEPT
|
||||
[0:0] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
[0:0] -A OUTPUT -o vethin-nginx -d 172.17.1.3 -p tcp -m conntrack --ctstate NEW -m tcp --dport 8080 -j ACCEPT
|
||||
[0:0] -A OUTPUT -o vethin-nginx -d 172.17.1.4 -p tcp -m conntrack --ctstate NEW -m tcp --dport 5556 -j ACCEPT
|
||||
|
|
|
|||
Reference in a new issue