Merge pull request #231 from ullbergm/master

Added firewall support
Kristian Haugene
2017-05-05 21:07:25 +02:00
committed by GitHub
6 changed files with 41 additions and 3 deletions


@@ -46,11 +46,35 @@ dockerize -template /etc/transmission/environment-variables.tmpl:/etc/transmissi
TRANSMISSION_CONTROL_OPTS="--script-security 2 --up-delay --up /etc/transmission/start.sh --down /etc/transmission/stop.sh"
if [ "true" = "$ENABLE_UFW" ]; then
# Enable firewall
echo "enabling firewall"
sed -i -e s/IPV6=yes/IPV6=no/ /etc/default/ufw
ufw enable
if [ "true" = "$TRANSMISSION_PEER_PORT_RANDOM_ON_START" ]; then
PEER_PORT="$TRANSMISSION_PEER_PORT_RANDOM_LOW:$TRANSMISSION_PEER_PORT_RANDOM_HIGH/tcp"
else
PEER_PORT=$TRANSMISSION_PEER_PORT
fi
echo "allowing $PEER_PORT through the firewall"
ufw allow $PEER_PORT
eval $(/sbin/ip r l m 0.0.0.0 | awk '{if($5!="tun0"){print "GW="$3"\nINT="$5; exit}}')
echo "allowing access to $TRANSMISSION_RPC_PORT from $GW"
ufw allow proto tcp from $GW to any port $TRANSMISSION_RPC_PORT
fi
if [ -n "${LOCAL_NETWORK-}" ]; then
eval $(/sbin/ip r l m 0.0.0.0 | awk '{if($5!="tun0"){print "GW="$3"\nINT="$5; exit}}')
if [ -n "${GW-}" -a -n "${INT-}" ]; then
echo "adding route to local network $LOCAL_NETWORK via $GW dev $INT"
/sbin/ip r a "$LOCAL_NETWORK" via "$GW" dev "$INT"
if [ "true" = "$ENABLE_UFW" ]; then
echo "allowing access to $TRANSMISSION_RPC_PORT from $LOCAL_NETWORK"
ufw allow proto tcp from $LOCAL_NETWORK to any port $TRANSMISSION_RPC_PORT
fi
fi
fi
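Review bot: In the ENABLE_UFW block the gateway rule `ufw allow proto tcp from $GW to any port $TRANSMISSION_RPC_PORT` uses `$GW` unquoted and without the emptiness check that the LOCAL_NETWORK block applies (`[ -n "${GW-}" -a -n "${INT-}" ]`), so when the `ip`/`awk` lookup finds no non-tun0 default route the command is malformed and the script appears to carry on without the RPC rule. I would guard and quote it, `if [ -n "${GW-}" ]; then ufw allow proto tcp from "$GW" to any port "$TRANSMISSION_RPC_PORT"; fi`, and likewise quote `"$PEER_PORT"` and `"$LOCAL_NETWORK"` in the other two `ufw allow` calls. The exit status of `ufw enable` is also not checked in the visible lines; unless the script runs under `set -e` (not shown here), a failed enable would let the container start without the firewall the user asked for, and `ufw enable || exit 1` would make that fail closed. Both `eval $(…)` calls would be safer written as `eval "$(…)"` so the awk output is not word-split before it is evaluated.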