From 3d6896cdd1c8312f44fd54013c76888cf6a3948d Mon Sep 17 00:00:00 2001
From: Chai Feng <chaifeng@chaifeng.com>
Date: Sun, 29 Sep 2024 10:22:50 +0800
Subject: [PATCH 1/8] Update Bach to the latest unreleased version

---
 test/bach               | 2 +-
 test/ufw-docker.test.sh | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/test/bach b/test/bach
index 447edb6..27885eb 160000
--- a/test/bach
+++ b/test/bach
@@ -1 +1 @@
-Subproject commit 447edb60db232d3dbc2267f37c49bd7a070cc83d
+Subproject commit 27885eb79c11e4652dede994c886ae5f9e30994f
diff --git a/test/ufw-docker.test.sh b/test/ufw-docker.test.sh
index 45ec074..73ca3f7 100755
--- a/test/ufw-docker.test.sh
+++ b/test/ufw-docker.test.sh
@@ -18,7 +18,7 @@ source "$working_dir"/bach/bach.sh
     @mocktrue docker -v
     @mock docker -v === @stdout Docker version 0.0.0, build dummy
 
-    @ignore remove_blank_lines
+    @mockpipe remove_blank_lines
     @ignore echo
     @ignore err
 
@@ -465,7 +465,7 @@ test-ufw-docker--instance-name-found-a-name() {
 }
 test-ufw-docker--instance-name-found-a-name-assert() {
     docker inspect --format="{{.Name}}" foo
-    echo -n foo
+    @dryrun echo -n foo
 }
 
 
@@ -557,7 +557,7 @@ test-ufw-docker--list-number-assert() {
 
 test-ufw-docker--delete-empty-result() {
     @mock ufw-docker--list-number webapp 80 tcp === @stdout ""
-    @mock sort -rn
+    @mockpipe sort -rn
 
     load-ufw-docker-function ufw-docker--delete
     ufw-docker--delete webapp 80 tcp
@@ -569,7 +569,7 @@ test-ufw-docker--delete-empty-result-assert() {
 
 test-ufw-docker--delete-all() {
     @mock ufw-docker--list-number webapp 80 tcp === @stdout 5 8 9
-    @mock sort -rn
+    @mockpipe sort -rn
 
     load-ufw-docker-function ufw-docker--delete
     ufw-docker--delete webapp 80 tcp

From 1fa425bf170dc9da75dce2b8bec643e9f65a33fe Mon Sep 17 00:00:00 2001
From: Chai Feng <chaifeng@chaifeng.com>
Date: Fri, 8 Nov 2024 10:25:22 +0800
Subject: [PATCH 2/8] Add node-internal

---
 Vagrantfile | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Vagrantfile b/Vagrantfile
index ced906d..82eb229 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -202,6 +202,11 @@ DOCKERFILE
     end
   end
 
+  config.vm.define "node-internal" do |node|
+    node.vm.hostname = "node-internal"
+    node.vm.network "private_network", ip: "#{ip_prefix}.142"
+  end
+
   config.vm.define "external" do |external|
     external.vm.hostname = "external"
     external.vm.network "private_network", ip: "#{ip_prefix}.127"

From 9474084f3fd9d926c57d552655534be6a152737f Mon Sep 17 00:00:00 2001
From: Chai Feng <chaifeng@chaifeng.com>
Date: Mon, 11 Nov 2024 18:07:06 +0800
Subject: [PATCH 3/8] Update Dockerfile with improved version matching

---
 Dockerfile | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index eee76c2..f8e5fd9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
-FROM ubuntu:22.04
+FROM ubuntu:24.04
 
-ARG docker_version="20.10.17"
+ARG docker_version="27.3.1"
 
 ENV DEBIAN_FRONTEND=noninteractive
 RUN apt-get update \
@@ -12,8 +12,7 @@ RUN apt-get update \
             | tee /etc/apt/sources.list.d/docker.list > /dev/null \
     && apt-get update \
     && apt-get install -y --no-install-recommends locales ufw \
-    && ( apt-get install -y --no-install-recommends "docker-ce=5:${docker_version}~*" || \
-         apt-get install -y --no-install-recommends "docker-ce=${docker_version}~*" ) \
+    && apt-get install -y --no-install-recommends "docker-ce=$(apt-cache madison docker-ce | grep -m1 -F "${docker_version}" | cut -d'|' -f2 | tr -d '[[:blank:]]')" \
     && locale-gen en_US.UTF-8 \
     && apt-get clean autoclean \
     && apt-get autoremove --yes \

From c9547cb4eccf9542dda9a5568b705cadd8db4f7b Mon Sep 17 00:00:00 2001
From: Chai Feng <chaifeng@chaifeng.com>
Date: Mon, 11 Nov 2024 18:08:27 +0800
Subject: [PATCH 4/8] Refactor Vagrantfile with getting docker version
 automatically

---
 Vagrantfile | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/Vagrantfile b/Vagrantfile
index 82eb229..ee11fa8 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -6,16 +6,15 @@
 ENV['VAGRANT_NO_PARALLEL']="true"
 
 Vagrant.configure('2') do |config|
-
-  docker_version = "20.10.17"
-
   ubuntu_version = File.readlines("Dockerfile").filter { |line|
     line.start_with?("FROM ")
   }.first.match(/\d\d\.\d\d/)[0]
 
-  config.vm.box = "chaifeng/ubuntu-#{ubuntu_version}-docker-#{docker_version}#{(`uname -m`.strip == "arm64")?"-arm64":""}"
+  docker_version = File.readlines("Dockerfile").filter { |line|
+    line.start_with?("ARG docker_version=")
+  }.first.match(/"([\d\.]+)"/)[1]
 
-  #config.vm.box = "chaifeng/ubuntu-20.04-docker-20.10.17#{(`uname -m`.strip == "arm64")?"-arm64":""}"
+  config.vm.box = "chaifeng/ubuntu-#{ubuntu_version}-docker-#{docker_version}"
 
   config.vm.provider 'virtualbox' do |vb|
     vb.memory = '1024'
@@ -178,9 +177,10 @@ DOCKERFILE
 
         ufw-docker service allow public_service 80/tcp
 
-        docker service create --name "public_multiport" \
-            --publish "40080:80" --publish "47000:7000" --publish "48080:8080" \
-            --env name="public_multiport" --replicas 3 #{private_registry}/chaifeng/hostname-webapp
+        docker service inspect "public_multiport" ||
+            docker service create --name "public_multiport" \
+                --publish "40080:80" --publish "47000:7000" --publish "48080:8080" \
+                --env name="public_multiport" --replicas 3 #{private_registry}/chaifeng/hostname-webapp
 
         ufw-docker service allow public_multiport 80/tcp
         ufw-docker service allow public_multiport 8080/tcp

From 8f9335326fed4366770620e3fe6cc5d8570c5688 Mon Sep 17 00:00:00 2001
From: Chai Feng <chaifeng@chaifeng.com>
Date: Mon, 13 Jan 2025 11:01:15 +0800
Subject: [PATCH 5/8] Build multi-arch docker images

---
 .github/workflows/build.yml | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 .github/workflows/build.yml

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..bcf0c20
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,34 @@
+name: ci
+
+on:
+  push:
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ vars.DOCKERHUB_USERNAME }}/ufw-docker-agent
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          push: ${{ github.event_name != 'pull_request' }}
+          platforms: linux/amd64,linux/arm64/v8
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
\ No newline at end of file

From 5908cde29662b70c0be44ea33313a0ebeb61fd84 Mon Sep 17 00:00:00 2001
From: Chai Feng <chaifeng@chaifeng.com>
Date: Mon, 13 Jan 2025 11:24:08 +0800
Subject: [PATCH 6/8] Update github actions that build docker iamges

---
 .github/workflows/build.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index bcf0c20..dd8b45e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,4 +1,4 @@
-name: ci
+name: Build Images
 
 on:
   push:
@@ -7,10 +7,11 @@ jobs:
   docker:
     runs-on: ubuntu-latest
     steps:
-      - name: Login to Docker Hub
+      - name: Log into DockerHub
+        if: github.event_name != 'pull_request'
         uses: docker/login-action@v3
         with:
-          username: ${{ vars.DOCKERHUB_USERNAME }}
+          username: ${{ github.actor }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Set up QEMU
@@ -31,4 +32,4 @@ jobs:
           push: ${{ github.event_name != 'pull_request' }}
           platforms: linux/amd64,linux/arm64/v8
           tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
\ No newline at end of file
+          labels: ${{ steps.meta.outputs.labels }}

From 1a51b59cf871f9536bc803ed0e48521f2cc8e2a5 Mon Sep 17 00:00:00 2001
From: Chai Feng <chaifeng@chaifeng.com>
Date: Mon, 13 Jan 2025 11:31:05 +0800
Subject: [PATCH 7/8] Update build docker image actions, fix username

---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index dd8b45e..7d77234 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -24,7 +24,7 @@ jobs:
         id: meta
         uses: docker/metadata-action@v5
         with:
-          images: ${{ vars.DOCKERHUB_USERNAME }}/ufw-docker-agent
+          images: ${{ github.actor }}/ufw-docker-agent
 
       - name: Build and push
         uses: docker/build-push-action@v6

From 276324acf0698f77d64d8e1535ffcb3a62f34f03 Mon Sep 17 00:00:00 2001
From: Chai Feng <chaifeng@chaifeng.com>
Date: Sat, 28 Jun 2025 09:19:14 +0800
Subject: [PATCH 8/8] Update Dockerfile, add support for iptables legacy mode
 via a build arg

---
 Dockerfile  | 10 ++++++++++
 Vagrantfile | 13 +++++++------
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index f8e5fd9..b63c63e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,7 @@
 FROM ubuntu:24.04
 
 ARG docker_version="27.3.1"
+ARG use_iptables_legacy=false
 
 ENV DEBIAN_FRONTEND=noninteractive
 RUN apt-get update \
@@ -14,6 +15,15 @@ RUN apt-get update \
     && apt-get install -y --no-install-recommends locales ufw \
     && apt-get install -y --no-install-recommends "docker-ce=$(apt-cache madison docker-ce | grep -m1 -F "${docker_version}" | cut -d'|' -f2 | tr -d '[[:blank:]]')" \
     && locale-gen en_US.UTF-8 \
+    && if "$use_iptables_legacy"; then \
+          apt-get -y install arptables ebtables \
+          && update-alternatives --install /usr/sbin/arptables arptables /usr/sbin/arptables-legacy 100 \
+          && update-alternatives --install /usr/sbin/ebtables ebtables /usr/sbin/ebtables-legacy 100 \
+          && update-alternatives --set iptables /usr/sbin/iptables-legacy \
+          && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy \
+          && update-alternatives --set arptables /usr/sbin/arptables-legacy \
+          && update-alternatives --set ebtables /usr/sbin/ebtables-legacy; \
+       fi \
     && apt-get clean autoclean \
     && apt-get autoremove --yes \
     && rm -rf /var/lib/{apt,dpkg,cache,log}/
diff --git a/Vagrantfile b/Vagrantfile
index ee11fa8..7e69446 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -87,12 +87,13 @@ Vagrant.configure('2') do |config|
             daemonize: true
     end
 
-    ufw_docker_agent_image = "#{private_registry}/chaifeng/ufw-docker-agent:test-legacy"
+    ufw_docker_agent_image = "#{private_registry}/chaifeng/ufw-docker-agent:test"
 
     master.vm.provision "docker-build-ufw-docker-agent", preserve_order: true, type: 'shell', inline: <<-SHELL
-      set -euo pipefail
+      set -xeuo pipefail
       suffix="$(iptables --version | grep -o '\\(nf_tables\\|legacy\\)')"
-      docker build -t "#{ufw_docker_agent_image}-${suffix}" /vagrant
+      if [[ "$suffix" = legacy ]]; then use_iptables_legacy=true; else use_iptables_legacy=false; fi
+      docker build --build-arg use_iptables_legacy="${use_iptables_legacy:-false}" -t "#{ufw_docker_agent_image}-${suffix}" /vagrant
       docker push "#{ufw_docker_agent_image}-${suffix}"
 
       echo "export UFW_DOCKER_AGENT_IMAGE=#{ufw_docker_agent_image}-${suffix}" > /etc/profile.d/ufw-docker.sh
@@ -115,10 +116,10 @@ Vagrant.configure('2') do |config|
         docker build -t #{private_registry}/chaifeng/hostname-webapp - <<\\DOCKERFILE
 FROM httpd:alpine
 
+RUN printf "Listen %s\\n" 7000 8080 >> /usr/local/apache2/conf/httpd.conf
+
 RUN { echo '#!/bin/sh'; \\
     echo 'set -e; (echo -n "${name:-Hi} "; hostname;) > /usr/local/apache2/htdocs/index.html'; \\
-    echo 'grep "^Listen 7000" || echo Listen 7000 >> /usr/local/apache2/conf/httpd.conf'; \\
-    echo 'grep "^Listen 8080" || echo Listen 8080 >> /usr/local/apache2/conf/httpd.conf'; \\
     echo 'exec "$@"'; \\
     } > /entrypoint.sh; chmod +x /entrypoint.sh
 
@@ -187,7 +188,7 @@ DOCKERFILE
     SHELL
   end
 
-  1.upto 2 do |ip|
+  1.upto 1 do |ip|
     config.vm.define "node#{ip}" do | node |
       node.vm.hostname = "node#{ip}"
       node.vm.network "private_network", ip: "#{ip_prefix}.#{ 130 + ip }"