Added optional whitelist feature

2023-04-21 11:43:22 +02:00 · 2023-04-21 11:43:22 +02:00 · ade06e1945
commit ade06e1945
parent 4da32724dc
6 changed files with 39 additions and 5 deletions
--- a/11
+++ b/11
@ -1,9 +1,10 @@
-FROM --platform=linux/amd64 debian:latest
+FROM --platform=linux/amd64 ubuntu:22.04

 # Install dependencies
 RUN apt-get update && apt-get install -y \
    screen \
    curl \
+    ufw \
    && rm -rf /var/lib/apt/lists/*

 # Create user
@ -14,8 +15,12 @@ RUN su rexuiz -c 'curl https://raw.githubusercontent.com/kasymovga/rexuiz/master
 RUN su rexuiz -c 'bash /home/rexuiz/rexuiz_install.sh /home/rexuiz/Rexuiz/'
 RUN su rexuiz -c 'chmod 755 /home/rexuiz/Rexuiz/server/rexuiz-linux-dedicated-x86_64'

+# Copy run script
+COPY run-rexuiz.sh /usr/local/bin/run-rexuiz.sh
+RUN chmod +x /usr/local/bin/run-rexuiz.sh
+
 # Expose server port
 EXPOSE 26000/udp

-# Start server
-CMD ["su", "rexuiz", "-c", "/home/rexuiz/Rexuiz/server/rexuiz-linux-dedicated-x86_64"]
+# Start server with run script
+CMD ["/usr/local/bin/run-rexuiz.sh"]
--- a/2
+++ b/2
@ -6,7 +6,7 @@ build:
 	docker build -t $(IMAGE_NAME) .

 run:
-	docker compose up
+	docker-compose up

 clean:
 	rm -rf config/*
--- a/config/allowed_ips.txt
+++ b/config/allowed_ips.txt
--- a/config/server.cfg
+++ b/config/server.cfg
@ -8,6 +8,9 @@
 hostname "Some Awesome Server Name"
 motd "Welcome to this server"

+// States if the server is public or not
+sv_public 0
+
 //Network settings
 port 26000
 net_http_server 1 //use embedded http server
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,7 +1,11 @@
 version: '3'
 services:
  rexuiz:
-    image: rexuiz-server
+    build:
+      context: .
+      dockerfile: Dockerfile
+    environment:
+      - WHITELIST_ENABLED=true
    volumes:
      - ./config:/home/rexuiz/.rexuiz/data
    ports:
--- a/run-rexuiz.sh
+++ b/run-rexuiz.sh
@ -0,0 +1,22 @@
+#!/bin/bash
+
+if [ "$WHITELIST_ENABLED" = "true" ]; then
+    # Load in allowed IPs from file
+    mapfile -t allowed_ips < /home/rexuiz/.rexuiz/data/allowed_ips.txt
+
+    # Enable UFW firewall
+    ufw --force reset
+    ufw default deny incoming
+    ufw default allow outgoing
+
+    # Allow specified IPs
+    for ip in "${allowed_ips[@]}"
+    do
+        ufw allow from "$ip" to any port 26000 proto udp
+    done
+
+    ufw --force enable
+fi
+
+# Start server
+su rexuiz -c "/home/rexuiz/Rexuiz/server/rexuiz-linux-dedicated-x86_64"