From c4644ad9eb16c5b62a9b3042a07c89c866f453c0 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior
Date: Sat, 2 Sep 2023 17:59:33 +0200
Subject: Add Knot to the container
---
 guix-container.sh | 35 ++++++++++++++++++++++-------------
 1 file changed, 22 insertions(+), 13 deletions(-)
(limited to 'guix-container.sh')
diff --git a/guix-container.sh b/guix-container.sh
index 2a96b71..5d2983b 100755
--- a/guix-container.sh
+++ b/guix-container.sh
@@ -81,7 +81,11 @@ done
 GUILE_PID=
 SUCCESS=
 QUIET_EXIT=
-FORWARDED_PORTLISTS="25,12525,465,587 993"
+FORWARDED_PORTLISTS="tcp:25,12525,465,587 tcp:993 udp:53 tcp:53"
+
+colon_sep_field() {
+ printf '%s\n' "$1" | awk -F : "{print \$$2}"
+}
 is_running() {
 test -e "$PIDFILE" && test -n "$(ps -o pid= --pid $(cat "$PIDFILE"))"
@@ -120,17 +124,18 @@ network_setup() {
 iptables -t nat -A POSTROUTING \
 -s 10.207.87.1/24 -o "$LINKNAME" -j MASQUERADE
 for PORTLIST in $FORWARDED_PORTLISTS; do
- iptables -t nat -A PREROUTING \
- -i "$LINKNAME" -p tcp \
- -m multiport --dports "$PORTLIST" \
+ iptables -t nat -A PREROUTING \
+ -i "$LINKNAME" -p "$(colon_sep_field "$PORTLIST" 1)" \
+ -m multiport --dports "$(colon_sep_field "$PORTLIST" 2)" \
 -j DNAT --to-destination 10.207.87.2
 done
 done
 for PORTLIST in $FORWARDED_PORTLISTS; do
- iptables -t nat -A OUTPUT \
- -d "$(resolve_ipv4_domain koszko.org)" -p tcp \
- -m multiport --dports "$PORTLIST" \
+ iptables -t nat -A OUTPUT \
+ -d "$(resolve_ipv4_domain koszko.org)" \
+ -p "$(colon_sep_field "$PORTLIST" 1)" \
+ -m multiport --dports "$(colon_sep_field "$PORTLIST" 2)" \
 -j DNAT --to-destination 10.207.87.2
 done
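Review bot: `colon_sep_field` pastes its second argument into the awk program text (`"{print \$$2}"`), so the field number is parsed as awk code instead of being passed as data. Every call site in this commit passes the literal 1 or 2, so nothing untrusted reaches it as written, but the helper would stay safe under later reuse if the index travelled as an awk variable: `awk -F : -v n="$2" '{print $n}'`. A one-line comment above it, e.g. `# Print field $2 (1-based) of the colon-separated string $1.`, would document the contract.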
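Review bot: Nothing in the PREROUTING loop of `network_setup` checks that an entry of `FORWARDED_PORTLISTS` has the `proto:ports` shape before its two halves are handed to iptables. An entry left in the old bare form (`993`) would produce `-p 993` with an empty `--dports` argument; iptables will most likely reject it, and whether the script then stops or carries on with a partly built NAT table depends on error handling outside this hunk. A guard at the top of the loop body, `case "$PORTLIST" in tcp:?*|udp:?*) ;; *) echo "bad FORWARDED_PORTLISTS entry: $PORTLIST" >&2; return 1 ;; esac`, would fail early, and the same applies to the OUTPUT loop in this hunk and to both loops in `network_rip`. Separately, `udp:53` makes the container's DNS server reachable over UDP on every interface that carries a default route, so it is worth confirming that response rate limiting is configured in Knot. `network_setup` begins before this hunk and continues after it.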
@@ -160,9 +165,11 @@ network_rip() {
 for LINKNAME in $(ip route | grep default | awk '{print $5}'); do
 for PORTLIST in $FORWARDED_PORTLISTS; do
- iptables_rip_rule -t nat -D PREROUTING \
- -i "$LINKNAME" -p tcp \
- -m multiport --dports "$PORTLIST" \
+ iptables_rip_rule -t nat -D PREROUTING \
+ -i "$LINKNAME" \
+ -p "$(colon_sep_field "$PORTLIST" 1)" \
+ -m multiport \
+ --dports "$(colon_sep_field "$PORTLIST" 2)" \
 -j DNAT --to-destination 10.207.87.2
 done
 iptables_rip_rule -t nat -D POSTROUTING \
@@ -171,9 +178,11 @@ network_rip() {
 done
 for PORTLIST in $FORWARDED_PORTLISTS; do
- iptables_rip_rule -t nat -D OUTPUT \
- -d "$(resolve_ipv4_domain koszko.org)" -p tcp \
- -m multiport --dports "$PORTLIST" \
+ iptables_rip_rule -t nat -D OUTPUT \
+ -d "$(resolve_ipv4_domain koszko.org)" \
+ -p "$(colon_sep_field "$PORTLIST" 1)" \
+ -m multiport \
+ --dports "$(colon_sep_field "$PORTLIST" 2)" \
 -j DNAT --to-destination 10.207.87.2
 done
 }
-- cgit v1.2.3
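Review bot: The `-D` specs in `network_rip` are a second hand-written copy of the `-A` specs in `network_setup`, and a delete only succeeds when its matches and target equal those of the rule that was added. After this commit there are four copies of the `-p`/`--dports` pair (this hunk, the OUTPUT loop in the next hunk, and two in `network_setup`), so a later edit to one side can leave DNAT rules behind on teardown. A single helper that both functions call, sketched below, would keep them in step; it assumes `iptables_rip_rule` passes its arguments through to iptables, which this hunk does not show. Tearing down a container that was started by the previous version of the script will also try to delete `udp:53` and `tcp:53` rules that were never installed, so how `iptables_rip_rule` treats a missing rule matters here. `network_rip` starts before this hunk.

```shell
# Add or delete one DNAT forward.  $1 = iptables or iptables_rip_rule,
# $2 = -A or -D, $3 = chain, $4 = proto:ports entry, rest = extra matches.
dnat_rule() {
    _cmd=$1 _op=$2 _chain=$3 _entry=$4
    shift 4
    "$_cmd" -t nat "$_op" "$_chain" "$@" \
        -p "$(colon_sep_field "$_entry" 1)" \
        -m multiport --dports "$(colon_sep_field "$_entry" 2)" \
        -j DNAT --to-destination 10.207.87.2
}

# … unchanged: for LINKNAME loop header …
    for PORTLIST in $FORWARDED_PORTLISTS; do
        dnat_rule iptables_rip_rule -D PREROUTING "$PORTLIST" -i "$LINKNAME"
    done
# … unchanged: POSTROUTING removal and the OUTPUT loop …
```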