fz0x1/ufw-docker
1
0
Fork 0
mirror of https://github.com/chaifeng/ufw-docker.git synced 2025-07-09 19:16:12 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Support multiple ports in ufw-docker service allow

Browse source
This commit is contained in:
Chai Feng 2025-07-08 16:17:50 +08:00
parent 359d20d87c
commit b06afc13ef
No known key found for this signature in database
GPG key ID: 2DCD9A24E523FFD2
7 changed files with 611 additions and 115 deletions
Download patch file Download diff file Expand all files Collapse all files

20
docker-entrypoint.sh
View file

@ -1,6 +1,6 @@
#!/bin/bash
set -euo pipefail
[[ -n "${DEBUG:-}" ]] && set -x
[[ "${DEBUG:-}" = true ]] && set -x
[[ 0 -eq "$#" ]] && set -- start
ufw_docker_agent=ufw-docker-agent
@ -10,8 +10,12 @@ function ufw-allow-or-deny-service() {
declare id="$1"
declare port="$2"
if [[ "$port" = deny ]]; then
run-ufw-docker delete allow "$id"
if [[ "$port" = deny || "$port" = */deny ]]; then
port="${port%deny}"
port="${port%/}"
declare -a opts=("$id")
[[ -z "$port" ]] || opts+=("$port")
run-ufw-docker delete allow "${opts[@]}"
else
run-ufw-docker add-service-rule "$id" "$port"
fi
@ -22,8 +26,14 @@ function update-ufw-rules() {
-e 's/^declare -x ufw_public_//' \
-e 's/="/ /' \
-e 's/"$//' |
while read -r id port; do
ufw-allow-or-deny-service "${id}" "${port#*/}"
while read -r id ruleset; do
declare -a rules=( $(tr ',' '\n' <<< "$ruleset") )
for rule in "${rules[@]}"; do
[[ "$rule" = */deny ]] && ufw-allow-or-deny-service "${id}" "${rule#*/}"
done
for rule in "${rules[@]}"; do
[[ "$rule" = */deny ]] || ufw-allow-or-deny-service "${id}" "${rule#*/}"
done
done
}