#!/bin/sh /etc/rc.common START=99 DOCKERD_CONF="/etc/docker/daemon.json" config_load dockerman config_get daemon_ea "local" daemon_ea init_dockerman_chain(){ iptables -N DOCKER-MAN >/dev/null 2>&1 iptables -F DOCKER-MAN >/dev/null 2>&1 iptables -D DOCKER-USER -j DOCKER-MAN >/dev/null 2>&1 iptables -I DOCKER-USER -j DOCKER-MAN >/dev/null 2>&1 } add_allowed_interface(){ iptables -A DOCKER-MAN -i $1 -o docker0 -j RETURN } add_allowed_ip(){ iptables -A DOCKER-MAN -d $1 -o docker0 -j RETURN } handle_allowed_interface(){ #config_list_foreach "local" allowed_ip add_allowed_ip config_list_foreach "local" ac_allowed_interface add_allowed_interface iptables -A DOCKER-MAN -m conntrack --ctstate ESTABLISHED,RELATED -o docker0 -j RETURN >/dev/null 2>&1 iptables -A DOCKER-MAN -m conntrack --ctstate NEW,INVALID -o docker0 -j DROP >/dev/null 2>&1 iptables -A DOCKER-MAN -j RETURN >/dev/null 2>&1 } start(){ [ ! -x "/etc/init.d/dockerd" ] && return 0 init_dockerman_chain if [ -n "$daemon_ea" ]; then handle_allowed_interface lua /usr/share/dockerman/dockerd-config.lua "$DOCKERD_CONF" && /etc/init.d/dockerd restart && sleep 5 || { # 1 running, 0 stopped STATE=$([ -n "$(ps |grep /usr/bin/dockerd | grep -v grep)" ] && echo 1 || echo 0) [ "$STATE" == "0" ] && /etc/init.d/dockerd start && sleep 5 } lua /usr/share/dockerman/dockerd-ac.lua else /etc/init.d/dockerd stop fi }