2015-09-26 15:46:38 +00:00
|
|
|
#
|
|
|
|
|
# Dockerfile for iptables
|
|
|
|
|
#
|
|
|
|
|
|
2021-12-15 10:00:42 +00:00
|
|
|
FROM alpine:3
|
|
|
|
|
MAINTAINER EasyPi Software Foundation
|
2015-09-26 15:46:38 +00:00
|
|
|
|
2016-09-02 10:41:23 +00:00
|
|
|
RUN apk add -U iproute2 && ln -s /usr/lib/tc /lib/tc
|
2015-09-26 15:46:38 +00:00
|
|
|
|
2021-12-15 10:00:42 +00:00
|
|
|
ENV LIMIT_PORT=8388
|
|
|
|
|
ENV LIMIT_CONN=5
|
|
|
|
|
ENV TCP_PORTS=80,443
|
|
|
|
|
ENV UDP_PORTS=53
|
|
|
|
|
ENV RATE=1mbit
|
|
|
|
|
ENV BURST=1kb
|
|
|
|
|
ENV LATENCY=50ms
|
|
|
|
|
ENV INTERVAL=60
|
|
|
|
|
ENV DEVICE=eth0
|
2015-09-26 15:46:38 +00:00
|
|
|
|
|
|
|
|
CMD iptables -F \
|
2015-09-29 07:30:08 +00:00
|
|
|
&& iptables -A INPUT -p tcp -m state --state NEW --dport $LIMIT_PORT -m connlimit --connlimit-above $LIMIT_CONN -j DROP \
|
2015-09-26 15:46:38 +00:00
|
|
|
&& iptables -A OUTPUT -p tcp -m state --state NEW -m multiport ! --dports $TCP_PORTS -j DROP \
|
|
|
|
|
&& iptables -A OUTPUT -p udp -m state --state NEW -m multiport ! --dports $UDP_PORTS -j DROP \
|
2021-12-15 10:00:42 +00:00
|
|
|
&& tc qdisc add dev $DEVICE root tbf rate $RATE burst $BURST latency $LATENCY \
|
|
|
|
|
&& watch -n $INTERVAL tc -s qdisc ls dev $DEVICE
|
