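#
# Dockerfile for iptables
#
# Builds a small Alpine image that installs a handful of iptables rules and a
# tc traffic-shaping qdisc inside the container's network namespace and then
# keeps the container alive by watching the qdisc statistics.
#
# Runtime requirements (cannot be enforced from the Dockerfile itself):
#   - the container must be started with CAP_NET_ADMIN
#     (e.g. `docker run --cap-add NET_ADMIN ...`), otherwise iptables/tc fail;
#   - with `--net=host` the rules and the qdisc are applied to the HOST
#     network stack, including the unconditional `iptables -F` in CMD;
#   - the process runs as root because iptables/tc require it, so there is
#     deliberately no USER instruction.
#

# Pin the base image instead of the floating default tag so rebuilds are
# reproducible; bump ALPINE_VERSION (or add an @sha256 digest) explicitly.
ARG ALPINE_VERSION=3.18
FROM alpine:${ALPINE_VERSION}

# MAINTAINER is deprecated; carry the same contact as a label.
LABEL maintainer="kev <noreply@easypi.pro>"

# CMD invokes iptables, which is not part of the Alpine base image, so it is
# installed here alongside iproute2 (which provides tc). --no-cache keeps the
# apk index out of the layer. The symlink presumably points tc at the path it
# expects for its helper files under /lib/tc -- kept as in the original;
# confirm before removing.
RUN apk add --no-cache \
        iproute2 \
        iptables \
    && ln -s /usr/lib/tc /lib/tc

# Tunables, all overridable with `docker run -e ...`:
#   LIMIT_PORT/LIMIT_CONN  drop NEW TCP connections to LIMIT_PORT once more
#                          than LIMIT_CONN exist (iptables connlimit match)
#   TCP_PORTS/UDP_PORTS    comma-separated destination ports that NEW
#                          outbound connections may use; all others dropped
#   RATE/BURST/LATENCY     tbf parameters of the egress qdisc
#   INTERVAL               seconds between qdisc statistics refreshes
#   INTERFACE              interface the qdisc is attached to (was hard-coded
#                          to eth0; default preserved)
ENV LIMIT_PORT=8388 \
    LIMIT_CONN=5 \
    TCP_PORTS=80,443 \
    UDP_PORTS=53 \
    RATE=1mbit \
    BURST=1kb \
    LATENCY=50ms \
    INTERVAL=60 \
    INTERFACE=eth0

# Shell form is intentional: the command needs $VAR expansion. Each step is
# && -chained so a failed rule aborts the container instead of leaving it
# running half-configured. The final `exec` makes watch PID 1 so SIGTERM from
# `docker stop` reaches it directly instead of the wrapping shell.
CMD iptables -F \
 && iptables -A INPUT -p tcp -m state --state NEW --dport "$LIMIT_PORT" -m connlimit --connlimit-above "$LIMIT_CONN" -j DROP \
 && iptables -A OUTPUT -p tcp -m state --state NEW -m multiport ! --dports "$TCP_PORTS" -j DROP \
 && iptables -A OUTPUT -p udp -m state --state NEW -m multiport ! --dports "$UDP_PORTS" -j DROP \
 && tc qdisc add dev "$INTERFACE" root tbf rate "$RATE" burst "$BURST" latency "$LATENCY" \
 && exec watch -n "$INTERVAL" tc -s qdisc ls dev "$INTERFACE"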