applications/luci-app-dockerman/root/etc/init.d/dockerman

   1 #!/bin/sh /etc/rc.common
   2
   3 START=99
   4 DOCKERD_CONF="/etc/docker/daemon.json"
   5
   6 config_load dockerman
   7 config_get daemon_ea "local" daemon_ea
   8
   9 init_dockerman_chain(){
  10         iptables -N DOCKER-MAN >/dev/null 2>&1
  11         iptables -F DOCKER-MAN >/dev/null 2>&1
  12         iptables -D DOCKER-USER -j DOCKER-MAN >/dev/null 2>&1
  13         iptables -I DOCKER-USER -j DOCKER-MAN >/dev/null 2>&1
  14 }
  15
  16 add_allowed_interface(){
  17         iptables -A DOCKER-MAN -i $1 -o docker0 -j RETURN
  18 }
  19
  20 add_allowed_ip(){
  21         iptables -A DOCKER-MAN -d $1 -o docker0 -j RETURN
  22 }
  23
  24 handle_allowed_interface(){
  25         #config_list_foreach "local" allowed_ip add_allowed_ip
  26         config_list_foreach "local" ac_allowed_interface add_allowed_interface
  27         iptables -A DOCKER-MAN -m conntrack --ctstate ESTABLISHED,RELATED -o docker0 -j RETURN >/dev/null 2>&1
  28         iptables -A DOCKER-MAN -m conntrack --ctstate NEW,INVALID -o docker0 -j DROP >/dev/null 2>&1
  29         iptables -A DOCKER-MAN -j RETURN >/dev/null 2>&1
  30 }
  31
  32 start(){
  33         [ ! -x "/etc/init.d/dockerd" ] && return 0
  34         init_dockerman_chain
  35         if [ -n "$daemon_ea" ]; then
  36                 handle_allowed_interface
  37                 lua /usr/share/dockerman/dockerd-config.lua "$DOCKERD_CONF" && /etc/init.d/dockerd restart && sleep 5 || {
  38                         # 1 running, 0 stopped
  39                         STATE=$([ -n "$(ps |grep /usr/bin/dockerd | grep -v grep)" ] && echo 1 || echo 0)
  40                         [ "$STATE" == "0" ] && /etc/init.d/dockerd start && sleep 5
  41                 }
  42                 lua /usr/share/dockerman/dockerd-ac.lua
  43         else
  44                 /etc/init.d/dockerd stop
  45         fi
  46 }