build_network.sh
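#!/usr/bin/env bash
#
# Rebuild one Docker network per file in ./configs and fence it off with
# iptables rules.
#
# Must be run from the directory that holds utils.sh, default-routes.txt and
# configs/, because every path below is relative to the working directory.
#
# Trust boundary: every non-.py file in configs/ is *sourced*, i.e. executed
# as shell code by a script that goes on to call sudo. Keep configs/,
# utils.sh and default-routes.txt writable only by the administrators who are
# allowed to change the host firewall.

if [[ ! -r ./utils.sh ]]; then
  printf 'build_network: ./utils.sh not found or not readable\n' >&2
  exit 1
fi
source ./utils.sh

# RUN is not defined in this file; presumably utils.sh provides it and it
# executes the command string it is given (the -nc flag is assumed to relax
# its failure check -- confirm against utils.sh).
if ! command -v RUN >/dev/null; then
  printf 'build_network: RUN is not defined after sourcing utils.sh\n' >&2
  exit 1
fi

# Start from the known baseline. If the restore fails, the rules below would
# be stacked on top of whatever ruleset is currently loaded, so stop here
# instead of building on an unknown firewall state.
if ! sudo iptables-restore < default-routes.txt; then
  printf 'build_network: iptables-restore from default-routes.txt failed\n' >&2
  exit 1
fi

# Glob instead of parsing `ls`, so names with spaces or glob characters are
# not split or expanded.
for config_path in configs/*; do
  # Skip the literal pattern left by an empty directory, and anything that is
  # not a regular file (a directory cannot be sourced).
  [[ -f "$config_path" ]] || continue
  server=${config_path##*/}

  # Ignore .py files
  if [[ "$server" == *.py ]]; then
    continue
  fi

  # Clear per-config values first. Without this, IGNORE=true from one config
  # leaks into the next one that does not mention IGNORE, and that network is
  # silently skipped together with its DROP rules. SERVER_IP is left alone in
  # case utils.sh defines it globally -- TODO confirm.
  unset IGNORE SERVER_NAME SERVER_SUBNET
  source "./configs/$server"

  # Ignore files with IGNORE=true
  if [[ "${IGNORE:-}" == "true" ]]; then
    continue
  fi

  # The values are pasted into iptables/docker command strings; an empty one
  # would produce a malformed rule rather than the intended policy.
  if [[ -z "${SERVER_NAME:-}" || -z "${SERVER_SUBNET:-}" || -z "${SERVER_IP:-}" ]]; then
    printf 'build_network: %s: SERVER_NAME, SERVER_SUBNET and SERVER_IP must be set; skipping\n' \
      "$config_path" >&2
    continue
  fi

  printf '%s %s\n' "$SERVER_NAME" "$SERVER_SUBNET"

  RUN "docker network rm ${SERVER_NAME}" -nc
  RUN "docker network create --subnet=${SERVER_SUBNET} ${SERVER_NAME}"

  # `iptables -I` with no rule number inserts at the head of the chain, so
  # the rules end up in the reverse of the order written here: the ACCEPT
  # rules added last are matched before the DROP rules added first.

  # General policy: drop everything sourced from the network's subnet.
  RUN "sudo iptables -I FORWARD -s ${SERVER_SUBNET} -j DROP"
  RUN "sudo iptables -I INPUT -s ${SERVER_SUBNET} -j DROP"
  RUN "sudo iptables -I OUTPUT -s ${SERVER_SUBNET} -j DROP"

  # Allow traffic sourced from the server address, to any destination.
  # NOTE(review): if SERVER_IP lies inside a SERVER_SUBNET, that address is
  # exempt from the DROP policy above -- confirm this is intended.
  RUN "sudo iptables -I FORWARD -s ${SERVER_IP} -j ACCEPT"
  RUN "sudo iptables -I INPUT -s ${SERVER_IP} -j ACCEPT"
  RUN "sudo iptables -I OUTPUT -s ${SERVER_IP} -j ACCEPT"

  # Allow the subnet to reach the server address, and nothing else.
  RUN "sudo iptables -I FORWARD -s ${SERVER_SUBNET} -d ${SERVER_IP} -j ACCEPT"
  RUN "sudo iptables -I INPUT -s ${SERVER_SUBNET} -d ${SERVER_IP} -j ACCEPT"
  RUN "sudo iptables -I OUTPUT -s ${SERVER_SUBNET} -d ${SERVER_IP} -j ACCEPT"
done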