lelgenio/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests Projects 2 Releases Packages Wiki Activity Actions
nixos-config/scripts/_docker-block-external-connections

33 lines
928 B
Bash
Executable file
Raw Blame History

#!/bin/sh
# Create the DOCKER-USER chain if it doesn't exist
iptables -N DOCKER-USER || true
# Flush existing rules in the DOCKER-USER chain
iptables -F DOCKER-USER
# Get all external network interfaces
interfaces=$(
ip -o -f inet addr show |
awk '{print $2}' |
grep -E '^(enp|eth|wlan|wlp)' |
sort -u
)
for iface in $interfaces; do
# Allow traffic from LAN
iptables -A DOCKER-USER -i "$iface" -s 127.0.0.1 -j ACCEPT
iptables -A DOCKER-USER -i "$iface" -s 10.0.0.0/8 -j ACCEPT
iptables -A DOCKER-USER -i "$iface" -s 192.168.0.0/16 -j ACCEPT
# Allow established and related connections
iptables -A DOCKER-USER -i "$iface" -m state --state RELATED,ESTABLISHED -j ACCEPT
# Drop all other traffic
iptables -A DOCKER-USER -i "$iface" -j DROP
echo "iptables rules have been set up for interface: $iface"
done
# Return to the previous chain
iptables -A DOCKER-USER -j RETURN
Reference in a new issue View git blame Copy permalink