1 files changed, 46 insertions, 0 deletions

diff --git a/applications/luci-app-dockerman/root/etc/init.d/dockerman b/applications/luci-app-dockerman/root/etc/init.d/dockerman
new file mode 100755
index 000000000..22629c193
--- /dev/null
+++ b/applications/luci-app-dockerman/root/etc/init.d/dockerman
@@ -0,0 +1,46 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+DOCKERD_CONF="/etc/docker/daemon.json"
+
+config_load dockerman
+config_get daemon_ea "local" daemon_ea
+
+init_dockerman_chain(){
+	iptables -N DOCKER-MAN >/dev/null 2>&1
+	iptables -F DOCKER-MAN >/dev/null 2>&1
+	iptables -D DOCKER-USER -j DOCKER-MAN >/dev/null 2>&1
+	iptables -I DOCKER-USER -j DOCKER-MAN >/dev/null 2>&1
+}
+
+add_allowed_interface(){
+	iptables -A DOCKER-MAN -i $1 -o docker0 -j RETURN
+}
+
+add_allowed_ip(){
+	iptables -A DOCKER-MAN -d $1 -o docker0 -j RETURN
+}
+
+handle_allowed_interface(){
+	#config_list_foreach "local" allowed_ip add_allowed_ip
+	config_list_foreach "local" ac_allowed_interface add_allowed_interface
+	iptables -A DOCKER-MAN -m conntrack --ctstate ESTABLISHED,RELATED -o docker0 -j RETURN >/dev/null 2>&1
+	iptables -A DOCKER-MAN -m conntrack --ctstate NEW,INVALID -o docker0 -j DROP >/dev/null 2>&1
+	iptables -A DOCKER-MAN -j RETURN >/dev/null 2>&1
+}
+
+start(){
+	[ ! -x "/etc/init.d/dockerd" ] && return 0
+	init_dockerman_chain
+	if [ -n "$daemon_ea" ]; then
+		handle_allowed_interface
+		lua /usr/share/dockerman/dockerd-config.lua "$DOCKERD_CONF" && /etc/init.d/dockerd restart && sleep 5 || {
+			# 1 running, 0 stopped
+			STATE=$([ -n "$(ps |grep /usr/bin/dockerd | grep -v grep)" ] && echo 1 || echo 0)
+			[ "$STATE" == "0" ] && /etc/init.d/dockerd start && sleep 5
+		}
+		lua /usr/share/dockerman/dockerd-ac.lua
+	else
+		/etc/init.d/dockerd stop
+	fi
+}