From 2c5391dcecf137c37e7dfa66b008f5ce32e97733 Mon Sep 17 00:00:00 2001
From: Chai Feng
Date: Wed, 3 Oct 2018 09:11:55 +0800
Subject: [PATCH] check published port of a service
---
 ufw-docker | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/ufw-docker b/ufw-docker
index d907be8..5b98eef 100755
--- a/ufw-docker
+++ b/ufw-docker
@@ -130,6 +130,19 @@ function ufw-docker--service-allow() {
 return 1
 fi

+ declare port="${service_port%/*}"
+ declare proto="(tcp|udp)"
+ [[ "$service_port" = */* ]] && proto="${service_port#*/}"
+
+ if ! docker service inspect "$service_name" \
+ --format '{{range .Endpoint.Spec.Ports}}{{.TargetPort}}/{{.Protocol}}{{end}}' |
+ grep -E "^${port}/${proto}\$"; then
+ die "Service $service_name does not publish port $service_port."
+ return 1
+ fi
+
+ service_label="ufw.public.${service_name}=${service_port}"
+
 }

 function ufw-docker--install() {
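Review bot: The `--format` template prints every `{{.TargetPort}}/{{.Protocol}}` pair with no separator, so a service with more than one published port yields a single line such as `80/tcp443/tcp` (constructed example) and the anchored `grep -E "^${port}/${proto}\$"` rejects a port that is actually published. Ending the range body with a newline, `{{.TargetPort}}/{{.Protocol}}{{"\n"}}{{end}}`, gives grep one entry per line. Separately, `$port` and `$proto` are interpolated into the ERE unescaped; unless `service_port` is validated above the hunk (the function starts outside it), a value containing regex metacharacters would satisfy the check and then be copied into `service_label`, so a guard such as `[[ "$service_port" =~ ^[0-9]+(/(tcp|udp))?$ ]] || die "invalid port: $service_port"` before deriving `port` keeps the match literal. Using `grep -qE` would also keep the matched line off stdout.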