| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546 |
- #!/bin/sh /etc/rc.common
- START=99
- DOCKERD_CONF="/etc/docker/daemon.json"
- config_load dockerman
- config_get daemon_ea "local" daemon_ea
- init_dockerman_chain(){
- iptables -N DOCKER-MAN >/dev/null 2>&1
- iptables -F DOCKER-MAN >/dev/null 2>&1
- iptables -D DOCKER-USER -j DOCKER-MAN >/dev/null 2>&1
- iptables -I DOCKER-USER -j DOCKER-MAN >/dev/null 2>&1
- }
- add_allowed_interface(){
- iptables -A DOCKER-MAN -i $1 -o docker0 -j RETURN
- }
- add_allowed_ip(){
- iptables -A DOCKER-MAN -d $1 -o docker0 -j RETURN
- }
- handle_allowed_interface(){
- #config_list_foreach "local" allowed_ip add_allowed_ip
- config_list_foreach "local" ac_allowed_interface add_allowed_interface
- iptables -A DOCKER-MAN -m conntrack --ctstate ESTABLISHED,RELATED -o docker0 -j RETURN >/dev/null 2>&1
- iptables -A DOCKER-MAN -m conntrack --ctstate NEW,INVALID -o docker0 -j DROP >/dev/null 2>&1
- iptables -A DOCKER-MAN -j RETURN >/dev/null 2>&1
- }
- start(){
- [ ! -x "/etc/init.d/dockerd" ] && return 0
- init_dockerman_chain
- if [ -n "$daemon_ea" ]; then
- handle_allowed_interface
- lua /usr/share/dockerman/dockerd-config.lua "$DOCKERD_CONF" && /etc/init.d/dockerd restart && sleep 5 || {
- # 1 running, 0 stopped
- STATE=$([ -n "$(ps |grep /usr/bin/dockerd | grep -v grep)" ] && echo 1 || echo 0)
- [ "$STATE" == "0" ] && /etc/init.d/dockerd start && sleep 5
- }
- lua /usr/share/dockerman/dockerd-ac.lua
- else
- /etc/init.d/dockerd stop
- fi
- }
|
