skip IPv6 addresses in Docker section

2022-03-16 23:46:38 +01:00 · 2022-03-16 23:46:38 +01:00 · 0c36bef2aa
parent 434f8e1905
commit 0c36bef2aa
1 changed files with 18 additions and 6 deletions
--- a/24
+++ b/24
@ -478,34 +478,46 @@ start() {
        # Privileged services (accessible from privileged & trusted IPs)
        for dstport in ${SERVICESTCP2}; do
            for srcip in ${PRIVILEGIEDIPS}; do
-                ${IPT} -I MINIFW-DOCKER-PRIVILEGED -p tcp -s "${srcip}" --dport "${dstport}" -j RETURN
+                if ! is_ipv6 ${srcip}; then
+                    ${IPT} -I MINIFW-DOCKER-PRIVILEGED -p tcp -s "${srcip}" --dport "${dstport}" -j RETURN
+                fi
            done

            for srcip in ${TRUSTEDIPS}; do
-                ${IPT} -I MINIFW-DOCKER-PRIVILEGED -p tcp -s "${srcip}" --dport "${dstport}" -j RETURN
+                if ! is_ipv6 ${srcip}; then
+                    ${IPT} -I MINIFW-DOCKER-PRIVILEGED -p tcp -s "${srcip}" --dport "${dstport}" -j RETURN
+                fi
            done
        done

        for dstport in ${SERVICESUDP2}; do
            for srcip in ${PRIVILEGIEDIPS}; do
-                ${IPT} -I MINIFW-DOCKER-PRIVILEGED -p udp -s "${srcip}" --dport "${dstport}" -j RETURN
+                if ! is_ipv6 ${srcip}; then
+                    ${IPT} -I MINIFW-DOCKER-PRIVILEGED -p udp -s "${srcip}" --dport "${dstport}" -j RETURN
+                fi
            done

            for srcip in ${TRUSTEDIPS}; do
-                ${IPT} -I MINIFW-DOCKER-PRIVILEGED -p udp -s "${srcip}" --dport "${dstport}" -j RETURN
+                if ! is_ipv6 ${srcip}; then
+                    ${IPT} -I MINIFW-DOCKER-PRIVILEGED -p udp -s "${srcip}" --dport "${dstport}" -j RETURN
+                fi
            done
        done

        # Trusted services (accessible from trusted IPs)
        for dstport in ${SERVICESTCP3}; do
            for srcip in ${TRUSTEDIPS}; do
-                ${IPT} -I MINIFW-DOCKER-TRUSTED -p tcp -s "${srcip}" --dport "${dstport}" -j RETURN
+                if ! is_ipv6 ${srcip}; then
+                    ${IPT} -I MINIFW-DOCKER-TRUSTED -p tcp -s "${srcip}" --dport "${dstport}" -j RETURN
+                fi
            done
        done

        for dstport in ${SERVICESUDP3}; do
            for srcip in ${TRUSTEDIPS}; do
-                ${IPT} -I MINIFW-DOCKER-TRUSTED -p udp -s "${srcip}" --dport "${dstport}" -j RETURN
+                if ! is_ipv6 ${srcip}; then
+                    ${IPT} -I MINIFW-DOCKER-TRUSTED -p udp -s "${srcip}" --dport "${dstport}" -j RETURN
+                fi
            done
        done
    fi