path: root/applications/luci-app-dockerman/root/etc/init.d/dockerman
blob: 22629c193356aea1ca7f07bd3cd8606bd25851d0 (plain)
#!/bin/sh /etc/rc.common

# Boot ordering value consumed by /etc/rc.common (99 = start late).
START=99
# Path handed to dockerd-config.lua in start(); presumably the file dockerd
# reads its daemon options from -- confirm against the lua helper.
DOCKERD_CONF="/etc/docker/daemon.json"

# Load the "dockerman" UCI config and copy option "daemon_ea" of section
# "local" into the shell variable daemon_ea. This runs every time the script
# is sourced by rc.common, not only on "start".
config_load dockerman
config_get daemon_ea "local" daemon_ea

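# Create (or reset) the DOCKER-MAN chain and hook it at the top of DOCKER-USER.
#
# Arguments: none
# Outputs:   a diagnostic on stderr when the hook cannot be installed
# Returns:   0 when the jump into DOCKER-MAN is in place, 1 otherwise
init_dockerman_chain(){
	# Best effort: -N fails when the chain already exists, which is fine
	# because the flush below empties it either way.
	iptables -N DOCKER-MAN >/dev/null 2>&1
	iptables -F DOCKER-MAN >/dev/null 2>&1
	# Drop a jump left over from a previous run so the rule is never duplicated;
	# failure here just means there was nothing to remove.
	iptables -D DOCKER-USER -j DOCKER-MAN >/dev/null 2>&1
	# This is the rule that makes DOCKER-MAN take effect. If it cannot be
	# inserted, none of the access rules are consulted, so the failure must not
	# be swallowed silently.
	if ! iptables -I DOCKER-USER -j DOCKER-MAN >/dev/null 2>&1; then
		echo "dockerman: could not hook DOCKER-MAN into DOCKER-USER; container access rules are not enforced" >&2
		return 1
	fi
}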

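# Let traffic that enters on one interface and leaves via docker0 bypass the
# rest of the DOCKER-MAN chain (RETURN hands the packet back to the caller).
#
# Arguments: $1 - ingress interface name (a value of the UCI list
#                 ac_allowed_interface when called from handle_allowed_interface)
# Returns:   0 for an empty entry (skipped), otherwise the iptables status
add_allowed_interface(){
	# An empty list entry has nothing to allow; skip it instead of handing
	# iptables a malformed rule.
	[ -n "$1" ] || return 0
	# Quote the value: it comes from configuration and must reach iptables as
	# exactly one argument, never be word-split into extra options.
	iptables -A DOCKER-MAN -i "$1" -o docker0 -j RETURN
}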

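# Let traffic addressed to one IP and leaving via docker0 bypass the rest of
# the DOCKER-MAN chain. Currently unused: its only caller is commented out in
# handle_allowed_interface.
#
# Arguments: $1 - address matched with iptables -d (destination)
# Returns:   0 for an empty entry (skipped), otherwise the iptables status
#
# NOTE(review): the match is on the destination address, not the source;
# confirm that is what an "allowed ip" is meant to express before re-enabling.
add_allowed_ip(){
	# Skip empty entries rather than emitting a malformed rule.
	[ -n "$1" ] || return 0
	# Quoted so a configured value is passed as a single argument.
	iptables -A DOCKER-MAN -d "$1" -o docker0 -j RETURN
}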

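# Populate DOCKER-MAN: per-interface allow rules first, then the stateful
# default that drops new or invalid connections heading to docker0.
#
# Arguments: none (reads the UCI list ac_allowed_interface of section "local")
# Outputs:   a diagnostic on stderr when the DROP rule cannot be installed
# Returns:   1 when the DROP rule is missing, otherwise the status of the
#            final RETURN rule
handle_allowed_interface(){
	local rc=0
	#config_list_foreach "local" allowed_ip add_allowed_ip
	# Rule order matters: the allow rules must precede the DROP below.
	config_list_foreach "local" ac_allowed_interface add_allowed_interface
	# Replies belonging to already-tracked connections are always let through.
	iptables -A DOCKER-MAN -m conntrack --ctstate ESTABLISHED,RELATED -o docker0 -j RETURN >/dev/null 2>&1
	# This is the only rule that blocks anything. If it cannot be added (for
	# example because the conntrack match is unavailable) the chain lets
	# everything through, so report it instead of hiding the failure.
	if ! iptables -A DOCKER-MAN -m conntrack --ctstate NEW,INVALID -o docker0 -j DROP >/dev/null 2>&1; then
		echo "dockerman: DROP rule for docker0 was not installed; DOCKER-MAN is not filtering" >&2
		rc=1
	fi
	# Everything not headed to docker0 continues with the rest of DOCKER-USER.
	iptables -A DOCKER-MAN -j RETURN >/dev/null 2>&1 || rc=$?
	return "$rc"
}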

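# rc.common "start" action: rebuild the DOCKER-MAN firewall chain, then either
# (re)start dockerd with the generated configuration or stop it.
#
# Globals:   daemon_ea (read), DOCKERD_CONF (read)
# Returns:   0 when the dockerd init script is absent; otherwise the status of
#            the last command run (dockerd-ac.lua, or "dockerd stop")
#
# NOTE(review): the results of init_dockerman_chain and
# handle_allowed_interface are not checked here, so dockerd is (re)started even
# when the access rules could not be installed -- confirm that is intended.
start(){
	# Nothing to manage when the dockerd init script is not installed.
	[ -x "/etc/init.d/dockerd" ] || return 0
	init_dockerman_chain
	if [ -n "$daemon_ea" ]; then
		handle_allowed_interface
		# Regenerate the daemon config and restart dockerd. If any step of that
		# chain fails, fall back to making sure dockerd is at least running.
		# NOTE(review): the fallback also runs when dockerd-config.lua itself
		# fails, in which case dockerd starts with whatever config is on disk.
		if ! { lua /usr/share/dockerman/dockerd-config.lua "$DOCKERD_CONF" && /etc/init.d/dockerd restart && sleep 5; }; then
			# The [/] bracket keeps grep from matching its own entry in the
			# process list, replacing the extra "grep -v grep" stage. The
			# comparison that used "==" (not POSIX under #!/bin/sh) is gone.
			if ! ps | grep -q '[/]usr/bin/dockerd'; then
				/etc/init.d/dockerd start && sleep 5
			fi
		fi
		lua /usr/share/dockerman/dockerd-ac.lua
	else
		/etc/init.d/dockerd stop
	fi
}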