
Add iptables and wallet option

Rapid1 1 year ago
parent
commit
0a9c2055a8
7 changed files with 19 additions and 8 deletions
  1. 1 0
      .gitignore
  2. 1 0
      Dockerfile
  3. 2 1
      README.md
  4. 4 1
      config.txt_EXAMPLE
  5. 1 1
      entrypoint.sh
  6. 6 5
      entrypoint2.sh
  7. 4 0
      iptables.sh_EXAMPLE

+ 1 - 0
.gitignore

@@ -1,5 +1,6 @@
 *~
 factom.conf
 factomd.conf_uploaded
+iptables.sh
 config.txt
 DEADJOE

+ 1 - 0
Dockerfile

@@ -22,6 +22,7 @@ RUN apt-get -y install docker-ce
 
 COPY entrypoint.sh /entrypoint.sh
 COPY entrypoint2.sh /entrypoint2.sh
+COPY iptables.sh /iptables.sh
 RUN chmod +x entrypoint.sh
 RUN chmod +x entrypoint2.sh
 
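Review bot: The added `COPY iptables.sh /iptables.sh` has no matching `RUN chmod +x /iptables.sh`, and none of the hunks on this page calls `/iptables.sh`, so the allowlist rules from the example file may never be loaded into the container. The same commit adds `iptables.sh` to .gitignore, so a fresh clone will fail at this COPY until the file is created by hand. Suggest adding the chmod line next to the two existing ones and calling `/iptables.sh` from entrypoint2.sh next to its firewall rules, or stating in the README where it is expected to run.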

+ 2 - 1
README.md

@@ -19,7 +19,8 @@ Make sure you have curl and jq installed
 * Or, rename factomd.conf.EXAMPLE to factomd.conf, and edit.
 
 
-##### Now, copy config.txt_EXAMPLE to config.txt and edit it for your system.
+##### Now, copy config.txt_EXAMPLE to config.txt
+##### and iptables.sh_EXAMPLE to iptables_sh and edit it for your system.
 
 
 ### Run or Update

+ 4 - 1
config.txt_EXAMPLE

@@ -8,4 +8,7 @@ CUSTOM_IP=
 VOLUME_DB=factom_database_testnet
 VOLUME_KEYS=factom_keys_testnet
 DOCKER_RUN_ARGS="--privileged --cap-add=NET_RAW --cap-add=NET_ADMIN"
-DOCKER_VOL_ARGS="-v $VOLUME_DB:/root/.factom/m2 -v $VOLUME_KEYS:/root/.factom/private"
+DOCKER_VOL_ARGS="-v $VOLUME_DB:/root/.factom/m2 -v $VOLUME_KEYS:/root/.factom/private"
+
+#For factom_walletd, then uncomment
+DOCKER_RUN_ARGS="$DOCKER_RUN_ARGS -e WALLET=YES"
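Review bot: The comment above the new `DOCKER_RUN_ARGS` line says to uncomment it, but the line is added active, so anyone copying this example passes `-e WALLET=YES` and, judging by the entrypoint2.sh hunk, starts the wallet container by default. An optional network-facing service is safer off unless requested: `#DOCKER_RUN_ARGS="$DOCKER_RUN_ARGS -e WALLET=YES"`, with the comment reworded to `# To also run factom-walletd, uncomment the next line`.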

+ 1 - 1
entrypoint.sh

@@ -5,7 +5,7 @@ openssl req -new -x509 -days 365 -nodes \
   -keyout /etc/docker/key.pem \
   -subj "/C=UK/ST=UK/L=London/O=LE/CN=www.selfsert.com"
 
-
+#Block Docker/Swarm port for everyone except known IP
 iptables -A INPUT ! -s 54.171.68.124/32 -p tcp -m tcp --dport 2376 -m conntrack --ctstate NEW,ESTABLISHED -j REJECT --reject-with icmp-port-unreachable
 
 /entrypoint2.sh &

+ 6 - 5
entrypoint2.sh

@@ -10,13 +10,14 @@ while [ ! -f /root/.factom/private/factomd.conf ]; do
 	sleep 2
 done
 
-#iptables -A DOCKER-USER  -s 81.187.177.85  -i eth0 -p tcp -m tcp -j ACCEPT
-#iptables -A DOCKER-USER ! -s 54.171.68.124/32  -i eth0 -p tcp -m tcp --dport 8090 -j REJECT --reject-with icmp-port-unreachable
-#iptables -A DOCKER-USER ! -s 54.171.68.124/32  -i eth0 -p tcp -m tcp --dport 2222 -j REJECT --reject-with icmp-port-unreachable
-#iptables -A DOCKER-USER ! -s 54.171.68.124/32  -i eth0 -p tcp -m tcp --dport 8088 -j REJECT --reject-with icmp-port-unreachable
-#iptables -A DOCKER-USER -p tcp -m tcp --dport 8110 -j ACCEPT
+#Block Wallet Port
+iptables -A DOCKER-USER -i eth0 -p tcp -m tcp --dport 8089 -j REJECT --reject-with icmp-port-unreachable
 
 
 docker swarm join --token SWMTKN-1-0bv5pj6ne5sabqnt094shexfj6qdxjpuzs0dpigckrsqmjh0ro-87wmh7jsut6ngmn819ebsqk3m 54.171.68.124:2377
 sleep 2
 docker run -d --rm --name "factomd" -v "/root/.factom/m2:/root/.factom/m2" -v "/root/.factom/private:/root/.factom/private" -l "name=factomd" --net=host factominc/factomd:$FCTVERSION -broadcastnum=16 -network=CUSTOM -customnet=fct_community_test -startdelay=600 -faulttimeout=120 -config=/root/.factom/private/factomd.conf
+
+if [ -n "$WALLET" ]; then
+  docker run -d --rm --name "factom_wallet" --net=host factominc/factom-walletd
+fi
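Review bot: The new port 8089 REJECT is appended to DOCKER-USER, which Docker evaluates on the FORWARD path, while the wallet is started with `--net=host` and would therefore receive connections through INPUT; as written the rule probably does not filter traffic to the wallet at all. entrypoint.sh already filters port 2376 in INPUT, so the equivalent here would be `iptables -A INPUT -i eth0 -p tcp -m tcp --dport 8089 -j REJECT --reject-with icmp-port-unreachable`, placed inside the `if [ -n "$WALLET" ]` branch so it is only added when the wallet runs. The `factominc/factom-walletd` image is also referenced without a tag, unlike factomd's `$FCTVERSION`; pinning a version keeps restarts reproducible. The script starts outside this hunk, so any earlier rule setup is not visible here.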

+ 4 - 0
iptables.sh_EXAMPLE

@@ -0,0 +1,4 @@
+
+# Privileged IP's
+
+iptables -I DOCKER-USER  -s 1.1.1.1  -i eth0 -p tcp -m tcp -j ACCEPT
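Review bot: The example allowlist entry uses `-s 1.1.1.1`, a real routable public address, and accepts every TCP port, so a copy left unedited grants that host access ahead of the REJECT rules. A documentation-range placeholder with a port restriction makes the example fail closed, for instance `iptables -I DOCKER-USER -s 192.0.2.10 -i eth0 -p tcp -m tcp --dport 8089 -j ACCEPT` (192.0.2.10 is a constructed placeholder to be replaced). The file also has no `#!/bin/sh` line, so whether it runs depends on how it is invoked.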