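#!/bin/bash
#
# https://github.com/deitch/ctables
#
# Apply a restrictive iptables rule set inside a container's network
# namespace, addressed by the PID of a process living in that namespace, and
# then strip the setuid bit from pkexec in the container's root filesystem.
#
# Usage: ctables <pid>
#   <pid> - PID (as seen from the host) of a process inside the container
#
# Must run as root: it writes to /var/run/netns, runs `ip netns exec` and
# `iptables`, and changes file modes under /proc/<pid>/root.
set -euo pipefail

die() { printf 'ctables: %s\n' "$*" >&2; exit 1; }

# Validate the argument before it is spliced into paths and commands.
# An empty or non-numeric value would otherwise yield paths such as
# /var/run/netns/ and /proc//ns/net and an unquoted, word-split PID.
NSPID=${1:-}
[[ "$NSPID" =~ ^[0-9]+$ ]] || die "usage: ${0##*/} <pid> (numeric PID required)"
[[ -e "/proc/$NSPID/ns/net" ]] || die "no network namespace found for PID $NSPID"
readonly NSPID
readonly LINKFILE="/var/run/netns/${NSPID}"

mkdir -p /var/run/netns
# Only a stale symlink left by a previous run is removed; refuse to delete a
# genuine named namespace that happens to carry the same name.
if [[ -e "$LINKFILE" && ! -L "$LINKFILE" ]]; then
  die "$LINKFILE exists and is not a symlink; refusing to remove it"
fi
/bin/rm -f "$LINKFILE"
# Expose the container's namespace to `ip netns` under the PID as its name.
ln -s "/proc/$NSPID/ns/net" "$LINKFILE"
# Remove the link on every exit path (including a failed iptables call) so
# /var/run/netns does not accumulate dangling entries.
cleanup() { /bin/rm -f "$LINKFILE"; }
trap cleanup EXIT

# Run iptables in the target namespace; abort on the first failure so a
# half-applied rule set is never left behind silently.
ns_iptables() {
  ip netns exec "$NSPID" iptables "$@" \
    || die "iptables failed in netns $NSPID: $*"
}

# Every INPUT rule is inserted with -I, so each lands above the previous one.
# Final INPUT order: VPN range, server range, ESTABLISHED/RELATED, loopback,
# then REJECT for everything else.
ns_iptables -I INPUT -j REJECT
ns_iptables -I INPUT -i lo -j ACCEPT
ns_iptables -I INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Replace 10.0.0.0/24 with your servers' IPs or ranges
ns_iptables -I INPUT -s 10.0.0.0/24 -j ACCEPT
# Replace 10.10.0.0/16 with your OpenVPN IP range
ns_iptables -I INPUT -s 10.10.0.0/16 -j ACCEPT
ns_iptables -I OUTPUT -o lo -j ACCEPT
# NOTE: nothing here rejects OUTPUT traffic or changes the OUTPUT policy, so
# this ESTABLISHED rule only matters if OUTPUT is restricted elsewhere.
ns_iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Add any custom routes you may need.
# ip netns exec "$NSPID" ip route add 10.194.0.0/16 via 10.0.0.243

# Modify file permissions inside the container: drop the setuid bit from
# pkexec so it no longer runs with elevated privileges for container users.
if [[ -f "/proc/$NSPID/root/usr/bin/pkexec" ]]; then
  chmod -s "/proc/$NSPID/root/usr/bin/pkexec"
fi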