diff options
| author | Wojtek Kosior <koszko@koszko.org> | 2023-09-02 17:59:33 +0200 |
|---|---|---|
| committer | Wojtek Kosior <koszko@koszko.org> | 2023-09-02 17:59:33 +0200 |
| commit | c4644ad9eb16c5b62a9b3042a07c89c866f453c0 (patch) | |
| tree | 9126410c2fda902d0cf4d6333d371c0615c17782 /guix-container.sh | |
| parent | 816ff7ecd4a39c9918141c9fee10932cecb52565 (diff) | |
| download | koszko-org-server-c4644ad9eb16c5b62a9b3042a07c89c866f453c0.tar.gz koszko-org-server-c4644ad9eb16c5b62a9b3042a07c89c866f453c0.zip | |
Add Knot to the container
Diffstat (limited to 'guix-container.sh')
| -rwxr-xr-x | guix-container.sh | 35 |
1 files changed, 22 insertions, 13 deletions
diff --git a/guix-container.sh b/guix-container.sh index 2a96b71..5d2983b 100755 --- a/guix-container.sh +++ b/guix-container.sh @@ -81,7 +81,11 @@ done GUILE_PID= SUCCESS= QUIET_EXIT= -FORWARDED_PORTLISTS="25,12525,465,587 993" +FORWARDED_PORTLISTS="tcp:25,12525,465,587 tcp:993 udp:53 tcp:53" + +colon_sep_field() { + printf '%s\n' "$1" | awk -F : "{print \$$2}" +} is_running() { test -e "$PIDFILE" && test -n "$(ps -o pid= --pid $(cat "$PIDFILE"))" @@ -120,17 +124,18 @@ network_setup() { iptables -t nat -A POSTROUTING \ -s 10.207.87.1/24 -o "$LINKNAME" -j MASQUERADE for PORTLIST in $FORWARDED_PORTLISTS; do - iptables -t nat -A PREROUTING \ - -i "$LINKNAME" -p tcp \ - -m multiport --dports "$PORTLIST" \ + iptables -t nat -A PREROUTING \ + -i "$LINKNAME" -p "$(colon_sep_field "$PORTLIST" 1)" \ + -m multiport --dports "$(colon_sep_field "$PORTLIST" 2)" \ -j DNAT --to-destination 10.207.87.2 done done for PORTLIST in $FORWARDED_PORTLISTS; do - iptables -t nat -A OUTPUT \ - -d "$(resolve_ipv4_domain koszko.org)" -p tcp \ - -m multiport --dports "$PORTLIST" \ + iptables -t nat -A OUTPUT \ + -d "$(resolve_ipv4_domain koszko.org)" \ + -p "$(colon_sep_field "$PORTLIST" 1)" \ + -m multiport --dports "$(colon_sep_field "$PORTLIST" 2)" \ -j DNAT --to-destination 10.207.87.2 done @@ -160,9 +165,11 @@ network_rip() { for LINKNAME in $(ip route | grep default | awk '{print $5}'); do for PORTLIST in $FORWARDED_PORTLISTS; do - iptables_rip_rule -t nat -D PREROUTING \ - -i "$LINKNAME" -p tcp \ - -m multiport --dports "$PORTLIST" \ + iptables_rip_rule -t nat -D PREROUTING \ + -i "$LINKNAME" \ + -p "$(colon_sep_field "$PORTLIST" 1)" \ + -m multiport \ + --dports "$(colon_sep_field "$PORTLIST" 2)" \ -j DNAT --to-destination 10.207.87.2 done iptables_rip_rule -t nat -D POSTROUTING \ @@ -171,9 +178,11 @@ network_rip() { done for PORTLIST in $FORWARDED_PORTLISTS; do - iptables_rip_rule -t nat -D OUTPUT \ - -d "$(resolve_ipv4_domain koszko.org)" -p tcp \ - -m multiport --dports "$PORTLIST" \ + iptables_rip_rule -t nat -D OUTPUT \ + -d "$(resolve_ipv4_domain koszko.org)" \ + -p "$(colon_sep_field "$PORTLIST" 1)" \ + -m multiport \ + --dports "$(colon_sep_field "$PORTLIST" 2)" \ -j DNAT --to-destination 10.207.87.2 done } |