1
0
mirror of https://github.com/vimagick/dockerfiles.git synced 2024-11-28 09:08:50 +02:00
This commit is contained in:
kev 2015-07-06 08:35:53 +08:00
parent 6b5e3626b5
commit c114b2ac29
3 changed files with 103 additions and 0 deletions

11
ferm/Dockerfile Normal file
View File

@ -0,0 +1,11 @@
#
# Dockerfile for ferm
#
FROM alpine
MAINTAINER kev <noreply@datageek.info>
RUN apk add -U ferm && rm -rf /var/cache/apk/*
ENTRYPOINT ["ferm", "--remote"]
CMD ["-"]

62
ferm/README.md Normal file
View File

@ -0,0 +1,62 @@
ferm - for Easy Rule Making
===========================
![](https://badge.imagelayers.io/vimagick/ferm:latest.svg)]
[`ferm`][1] is a frontend for iptables, providing a way to write manageable
rulesets without sacrificing flexibility.
## Tutorial
```
$ alias ferm='docker run -i --rm vimagick/ferm'
$ cat > iptables.rules <<_EOF_
chain INPUT {
policy DROP;
mod state state (RELATED ESTABLISHED) ACCEPT;
proto tcp dport (http ftp ssh) ACCEPT;
}
_EOF_
$ ferm -h
Usage:
ferm *options* *inputfiles*
Options:
-n, --noexec Do not execute the rules, just simulate
-F, --flush Flush all netfilter tables managed by ferm
-l, --lines Show all rules that were created
-i, --interactive Interactive mode: revert if user does not confirm
-t, --timeout s Define interactive mode timeout in seconds
--remote Remote mode; ignore host specific configuration.
This implies --noexec and --lines.
-V, --version Show current version number
-h, --help Look at this text
--slow Slow mode, don't use iptables-restore
--shell Generate a shell script which calls iptables-restore
--domain {ip|ip6} Handle only the specified domain
--def '$name=v' Override a variable
$ ferm < iptables.rules
# Generated by ferm 2.2 on Mon Jul 6 00:32:04 2015
*filter
:INPUT DROP [0:0]
-A INPUT --match state --state RELATED,ESTABLISHED --jump ACCEPT
-A INPUT --protocol tcp --dport http --jump ACCEPT
-A INPUT --protocol tcp --dport ftp --jump ACCEPT
-A INPUT --protocol tcp --dport ssh --jump ACCEPT
COMMIT
$ ferm --slow - < iptables.rules
iptables -t filter -P INPUT ACCEPT
iptables -t filter -F
iptables -t filter -X
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT --match state --state RELATED,ESTABLISHED --jump ACCEPT
iptables -t filter -A INPUT --protocol tcp --dport http --jump ACCEPT
iptables -t filter -A INPUT --protocol tcp --dport ftp --jump ACCEPT
iptables -t filter -A INPUT --protocol tcp --dport ssh --jump ACCEPT
```
[1]: http://ferm.foo-projects.org/

30
openvpn/setup.sh Executable file
View File

@ -0,0 +1,30 @@
#!/bin/bash
#
# setup script for kylemanna/openvpn
#
OVPN_DATA=${OVPN_DATA:-openvpn_data_1}
OVPN_SERVER=${OVPN_SERVER:-tcp://vpn.datageek.info}
OVPN_CLIENT=${OVPN_CLIENT:-client}
select opt in server client quit
do
if [[ $opt == "server" ]]
then
echo "setup server ..."
docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_genconfig -c -u $OVPN_SERVER
docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn ovpn_initpki
elif [[ $opt == "client" ]]
then
echo "setup client ..."
docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn easyrsa build-client-full $OVPN_CLIENT nopass
docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_getclient $OVPN_CLIENT > $OVPN_CLIENT.ovpn
elif [[ $opt == "quit" ]]
then
echo "bye"
exit
else
echo "invalid"
fi
done