From ade06e1945365dbea78b693a9e40e79144125195 Mon Sep 17 00:00:00 2001
From: Menno van Leeuwen
Date: Fri, 21 Apr 2023 11:43:22 +0200
Subject: [PATCH] Added optional whitelist feature
---
 Dockerfile | 11 ++++++++---
 Makefile | 2 +-
 config/allowed_ips.txt | 0
 config/server.cfg | 3 +++
 docker-compose.yml | 6 +++++-
 run-rexuiz.sh | 22 ++++++++++++++++++++++
 6 files changed, 39 insertions(+), 5 deletions(-)
 create mode 100644 config/allowed_ips.txt
 create mode 100644 run-rexuiz.sh
diff --git a/Dockerfile b/Dockerfile
index 43196b1..d1af80e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,10 @@
-FROM --platform=linux/amd64 debian:latest
+FROM --platform=linux/amd64 ubuntu:22.04
 # Install dependencies
 RUN apt-get update && apt-get install -y \
 screen \
 curl \
+ ufw \
 && rm -rf /var/lib/apt/lists/*
 # Create user
@@ -14,8 +15,12 @@ RUN su rexuiz -c 'curl https://raw.githubusercontent.com/kasymovga/rexuiz/master
 RUN su rexuiz -c 'bash /home/rexuiz/rexuiz_install.sh /home/rexuiz/Rexuiz/'
 RUN su rexuiz -c 'chmod 755 /home/rexuiz/Rexuiz/server/rexuiz-linux-dedicated-x86_64'
+# Copy run script
+COPY run-rexuiz.sh /usr/local/bin/run-rexuiz.sh
+RUN chmod +x /usr/local/bin/run-rexuiz.sh
+
 # Expose server port
 EXPOSE 26000/udp
-# Start server
-CMD ["su", "rexuiz", "-c", "/home/rexuiz/Rexuiz/server/rexuiz-linux-dedicated-x86_64"]
+# Start server with run script
+CMD ["/usr/local/bin/run-rexuiz.sh"]
diff --git a/Makefile b/Makefile
index 59c7b24..d70a4ba 100644
--- a/Makefile
+++ b/Makefile
@@ -6,7 +6,7 @@ build:
 docker build -t $(IMAGE_NAME) .
 run:
- docker compose up
+ docker-compose up
 clean:
 rm -rf config/*
diff --git a/config/allowed_ips.txt b/config/allowed_ips.txt
new file mode 100644
index 0000000..e69de29
diff --git a/config/server.cfg b/config/server.cfg
index b9b0cbd..62ade46 100644
--- a/config/server.cfg
+++ b/config/server.cfg
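Review bot: The `ufw` package added in the first Dockerfile hunk can only program netfilter rules if the container holds CAP_NET_ADMIN, which Docker does not grant by default, and nothing visible in this patch grants it. The docker-compose.yml hunk sets `WHITELIST_ENABLED=true` without a matching `cap_add: [NET_ADMIN]` on the `rexuiz` service, so the ufw calls in run-rexuiz.sh will presumably fail and the allow-list will not be enforced. Either add that capability in docker-compose.yml with a comment such as `# ufw needs NET_ADMIN inside the container; required when WHITELIST_ENABLED=true`, or enforce the allow-list on the host instead.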
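Review bot: The second Dockerfile hunk moves the drop to the `rexuiz` user out of `CMD` and into run-rexuiz.sh, so the image's unprivileged execution now depends entirely on that script's last line. A comment above `CMD` should say so, e.g. `# Runs as root to configure ufw; run-rexuiz.sh must drop to the rexuiz user before starting the server`. As a smaller style point, the `COPY` plus `RUN chmod +x` pair can be a single layer, `COPY --chmod=0755 run-rexuiz.sh /usr/local/bin/run-rexuiz.sh`, when the image is built with BuildKit.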
@@ -8,6 +8,9 @@ hostname "Some Awesome Server Name"
 motd "Welcome to this server"
+// States if the server is public or not
+sv_public 0
+
 //Network settings
 port 26000
 net_http_server 1 //use embedded http server
diff --git a/docker-compose.yml b/docker-compose.yml
index 31f2206..4823c80 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,11 @@
 version: '3'
 services:
 rexuiz:
- image: rexuiz-server
+ build:
+ context: .
+ dockerfile: Dockerfile
+ environment:
+ - WHITELIST_ENABLED=true
 volumes:
 - ./config:/home/rexuiz/.rexuiz/data
 ports:
diff --git a/run-rexuiz.sh b/run-rexuiz.sh
new file mode 100644
index 0000000..45725ce
--- /dev/null
+++ b/run-rexuiz.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+if [ "$WHITELIST_ENABLED" = "true" ]; then
+ # Load in allowed IPs from file
+ mapfile -t allowed_ips < /home/rexuiz/.rexuiz/data/allowed_ips.txt
+
+ # Enable UFW firewall
+ ufw --force reset
+ ufw default deny incoming
+ ufw default allow outgoing
+
+ # Allow specified IPs
+ for ip in "${allowed_ips[@]}"
+ do
+ ufw allow from "$ip" to any port 26000 proto udp
+ done
+
+ ufw --force enable
+fi
+
+# Start server
+su rexuiz -c "/home/rexuiz/Rexuiz/server/rexuiz-linux-dedicated-x86_64"
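Review bot: In the docker-compose.yml hunk the allow-list is read from `./config`, the same bind mount the game server uses as its data directory (`/home/rexuiz/.rexuiz/data`), so the process being protected may be able to rewrite its own firewall input if host permissions let the `rexuiz` user write there. Consider mounting the list separately and read-only, for example `- ./config/allowed_ips.txt:/etc/rexuiz/allowed_ips.txt:ro` (path is illustrative), and pointing run-rexuiz.sh at that location. Separately, `WHITELIST_ENABLED=true` ships as the default together with an empty `config/allowed_ips.txt`, which combined with `ufw default deny incoming` would admit no clients at all; defaulting to `false` with a comment such as `# set to true only after filling config/allowed_ips.txt` would match the "optional" wording of the commit.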
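Review bot: run-rexuiz.sh fails open: there is no `set -e` and no exit-status check, so if `mapfile` cannot read `allowed_ips.txt` or any `ufw` command fails, the script still reaches the final `su rexuiz -c …` line and starts the server with no filtering. Lines from the file are passed to `ufw allow from "$ip"` without skipping blanks or comments, so each such line becomes a ufw error that is likewise ignored. The last line should also use `exec` so the wrapper shell does not linger as PID 1 in front of the server. The sketch below stops startup when the whitelist is requested but cannot be applied.

```shell
#!/bin/bash
set -euo pipefail

allowed_ips_file=/home/rexuiz/.rexuiz/data/allowed_ips.txt

if [ "${WHITELIST_ENABLED:-false}" = "true" ]; then
    # Fail closed: do not start the server without a readable allow-list.
    if [ ! -r "$allowed_ips_file" ]; then
        echo "WHITELIST_ENABLED=true but $allowed_ips_file is not readable" >&2
        exit 1
    fi
    mapfile -t allowed_ips < "$allowed_ips_file"

    # … unchanged: ufw reset and default policies …

    for ip in "${allowed_ips[@]}"
    do
        # Skip blank lines and comments instead of handing them to ufw.
        case "$ip" in ''|'#'*) continue ;; esac
        # … unchanged: ufw allow rule …
    done

    # … unchanged: ufw --force enable …
fi

# exec replaces the wrapper shell so it does not linger as PID 1.
exec su rexuiz -c "/home/rexuiz/Rexuiz/server/rexuiz-linux-dedicated-x86_64"
```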