add ferm

ferm/Dockerfile

@@ -0,0 +1,11 @@
+#
+# Dockerfile for ferm
+#
+
+FROM alpine
+MAINTAINER kev <noreply@datageek.info>
+
+RUN apk add -U ferm && rm -rf /var/cache/apk/*
+
+ENTRYPOINT ["ferm", "--remote"]
+CMD ["-"]

ferm/README.md

@@ -0,0 +1,62 @@
+ferm - for Easy Rule Making
+===========================
+
+![](https://badge.imagelayers.io/vimagick/ferm:latest.svg)]
+
+[`ferm`][1] is a frontend for iptables, providing a way to write manageable
+rulesets without sacrificing flexibility.
+
+## Tutorial
+
+```
+$ alias ferm='docker run -i --rm vimagick/ferm'
+
+$ cat > iptables.rules <<_EOF_
+chain INPUT {
+    policy DROP;
+    mod state  state (RELATED ESTABLISHED)  ACCEPT;
+    proto tcp  dport (http ftp ssh)  ACCEPT;
+}
+_EOF_
+
+$ ferm -h
+Usage:
+    ferm *options* *inputfiles*
+
+Options:
+     -n, --noexec      Do not execute the rules, just simulate
+     -F, --flush       Flush all netfilter tables managed by ferm
+     -l, --lines       Show all rules that were created
+     -i, --interactive Interactive mode: revert if user does not confirm
+     -t, --timeout s   Define interactive mode timeout in seconds
+     --remote          Remote mode; ignore host specific configuration.
+                       This implies --noexec and --lines.
+     -V, --version     Show current version number
+     -h, --help        Look at this text
+     --slow            Slow mode, don't use iptables-restore
+     --shell           Generate a shell script which calls iptables-restore
+     --domain {ip|ip6} Handle only the specified domain
+     --def '$name=v'   Override a variable
+
+$ ferm < iptables.rules
+# Generated by ferm 2.2 on Mon Jul  6 00:32:04 2015
+*filter
+:INPUT DROP [0:0]
+-A INPUT --match state --state RELATED,ESTABLISHED --jump ACCEPT
+-A INPUT --protocol tcp --dport http --jump ACCEPT
+-A INPUT --protocol tcp --dport ftp --jump ACCEPT
+-A INPUT --protocol tcp --dport ssh --jump ACCEPT
+COMMIT
+
+$ ferm --slow - < iptables.rules
+iptables -t filter -P INPUT ACCEPT
+iptables -t filter -F
+iptables -t filter -X
+iptables -t filter -P INPUT DROP
+iptables -t filter -A INPUT --match state --state RELATED,ESTABLISHED --jump ACCEPT
+iptables -t filter -A INPUT --protocol tcp --dport http --jump ACCEPT
+iptables -t filter -A INPUT --protocol tcp --dport ftp --jump ACCEPT
+iptables -t filter -A INPUT --protocol tcp --dport ssh --jump ACCEPT
+```
+
+[1]: http://ferm.foo-projects.org/

openvpn/setup.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+#
+# setup script for kylemanna/openvpn
+#
+
+OVPN_DATA=${OVPN_DATA:-openvpn_data_1}
+OVPN_SERVER=${OVPN_SERVER:-tcp://vpn.datageek.info}
+OVPN_CLIENT=${OVPN_CLIENT:-client}
+
+select opt in server client quit
+do
+  if [[ $opt == "server" ]]
+  then
+    echo "setup server ..."
+    docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_genconfig -c -u $OVPN_SERVER
+    docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn ovpn_initpki
+  elif [[ $opt == "client" ]]
+  then
+    echo "setup client ..."
+    docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn easyrsa build-client-full $OVPN_CLIENT nopass
+    docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_getclient $OVPN_CLIENT > $OVPN_CLIENT.ovpn
+  elif [[ $opt == "quit" ]]
+  then
+    echo "bye"
+    exit
+  else
+    echo "invalid"
+  fi
+done
+