adds additional Docker firewall rules to enhance container communication

This commit is contained in:
Menno van Leeuwen 2024-11-16 02:48:28 +01:00
parent 4e169b6668
commit 9b1ceddeb7
Signed by: vleeuwenmenno
SSH Key Fingerprint: SHA256:OJFmjANpakwD3F2Rsws4GLtbdz1TJ5tkQF0RZmF0TRE


@ -61,7 +61,6 @@
"enp39s0".allowedTCPPorts = internalPorts; "enp39s0".allowedTCPPorts = internalPorts;
}; };
# Additional firewall rules
extraCommands = '' extraCommands = ''
# Allow established connections # Allow established connections
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
@ -71,10 +70,19 @@
iptables -A INPUT -i tailscale0 -j ACCEPT iptables -A INPUT -i tailscale0 -j ACCEPT
iptables -A INPUT -s 192.168.0.0/16 -j ACCEPT iptables -A INPUT -s 192.168.0.0/16 -j ACCEPT
# Allow all Docker-related traffic
iptables -A INPUT -s 172.16.0.0/12 -j ACCEPT # Covers all Docker network ranges
iptables -A FORWARD -s 172.16.0.0/12 -j ACCEPT
iptables -A FORWARD -d 172.16.0.0/12 -j ACCEPT
# Allow Docker container communication # Allow Docker container communication
iptables -A DOCKER-USER -i docker0 -o docker0 -j ACCEPT iptables -A DOCKER-USER -i docker0 -o docker0 -j ACCEPT
'';
# Allow traffic between different Docker networks
iptables -A FORWARD -i br-* -o br-* -j ACCEPT
iptables -A FORWARD -i docker0 -o br-* -j ACCEPT
iptables -A FORWARD -i br-* -o docker0 -j ACCEPT
'';
# Required for Tailscale # Required for Tailscale
checkReversePath = "loose"; checkReversePath = "loose";
}; };
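Review bot: `-i br-*` / `-o br-*` in the three new FORWARD rules under "# Allow traffic between different Docker networks" is not an iptables interface wildcard — iptables uses a trailing `+` (`br-+`) — and because extraCommands runs through a shell the unquoted `br-*` may also be glob-expanded against the working directory, so these rules never match Docker's `br-<id>` bridges and traffic only flows because of the broad address-only accepts added above them. Those accepts (`INPUT -s 172.16.0.0/12`, `FORWARD -s 172.16.0.0/12`, `FORWARD -d 172.16.0.0/12`) carry no `-i`/`-o` match, so with `checkReversePath = "loose"` a packet arriving on enp39s0 with a forged 172.16/12 source is accepted on INPUT, and the `-d 172.16.0.0/12` FORWARD rule lets any host with a route to the bridge subnets reach unpublished container ports, bypassing the filtering Docker applies in its own DOCKER chain. Bind each rule to the bridge interfaces, drop the destination-based forward accept (return traffic to containers is normally covered by Docker's own conntrack rule — confirm on this host), and note that the inter-bridge accepts deliberately defeat Docker's network isolation, so keep them only if that is intended. The enclosing `extraCommands` string and firewall attrset begin before this hunk.
```nix
  # … unchanged: established/related, tailscale0 and 192.168.0.0/16 accepts …
  # Allow traffic originating from Docker bridges (interface-bound, not address-only)
  iptables -A INPUT -i docker0 -s 172.16.0.0/12 -j ACCEPT
  iptables -A INPUT -i br-+ -s 172.16.0.0/12 -j ACCEPT
  iptables -A FORWARD -i docker0 -s 172.16.0.0/12 -j ACCEPT
  iptables -A FORWARD -i br-+ -s 172.16.0.0/12 -j ACCEPT
  # Allow Docker container communication
  iptables -A DOCKER-USER -i docker0 -o docker0 -j ACCEPT
  # Allow traffic between different Docker networks ('+' is the iptables wildcard)
  iptables -A FORWARD -i br-+ -o br-+ -j ACCEPT
  iptables -A FORWARD -i docker0 -o br-+ -j ACCEPT
  iptables -A FORWARD -i br-+ -o docker0 -j ACCEPT
'';
```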