From caa793ff8deff7e19851266da13316620c94dc46 Mon Sep 17 00:00:00 2001
From: Mark Newton
Date: Sat, 3 Feb 2018 07:36:52 -0500
Subject: [PATCH] Remove unneeded folder structure
---
qbittorrent/scripts/iptables.sh | 180 --------------------------------
qbittorrent/scripts/start.sh | 20 ----
2 files changed, 200 deletions(-)
delete mode 100644 qbittorrent/scripts/iptables.sh
delete mode 100644 qbittorrent/scripts/start.sh
diff --git a/qbittorrent/scripts/iptables.sh b/qbittorrent/scripts/iptables.sh
deleted file mode 100644
index b1064ef..0000000
--- a/qbittorrent/scripts/iptables.sh
+++ /dev/null
@@ -1,180 +0,0 @@
-#!/bin/bash
-# Forked from binhex's OpenVPN dockers
-
-# Wait until tunnel is up
-while : ; do
- tunnelstat=$(netstat -ie | grep -E "tun|tap")
- if [[ ! -z "${tunnelstat}" ]]; then
- break
- else
- sleep 1
- fi
-done
-
-# ip route
-###
-
-DEBUG=false
-
-
-# split comma seperated string into list from LAN_NETWORK env variable
-IFS=',' read -ra lan_network_list <<< "${LAN_NETWORK}"
-
-lancount=0
-# process lan networks in the list
-for lan_network_item in "${lan_network_list[@]}"; do
-
- # get default gateway of interfaces as looping through them
- DEFAULT_GATEWAY=$(ip -4 route list 0/${lancount} | cut -d ' ' -f 3)
-
- # strip whitespace from start and end of lan_network_item
- lan_network_item=$(echo "${lan_network_item}" | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')
-
- echo "[info] Adding ${lan_network_item} as route via docker eth0"
- ip route add "${lan_network_item}" via "${DEFAULT_GATEWAY}" dev eth0
-
- lancount=$((lancount+1))
-done
-
-echo "[info] ip route defined as follows..." | ts '%Y-%m-%d %H:%M:%.S'
-echo "--------------------"
-ip route
-echo "--------------------"
-
-# setup iptables marks to allow routing of defined ports via eth0
-###
-
-if [[ "${DEBUG}" == "true" ]]; then
- echo "[debug] Modules currently loaded for kernel" ; lsmod
-fi
-
-# check we have iptable_mangle, if so setup fwmark
-lsmod | grep iptable_mangle
-iptable_mangle_exit_code=$?
-
-if [[ $iptable_mangle_exit_code == 0 ]]; then
-
- echo "[info] iptable_mangle support detected, adding fwmark for tables" | ts '%Y-%m-%d %H:%M:%.S'
-
- # setup route for deluge webui using set-mark to route traffic for port 8080 to eth0
- echo "8080 webui" >> /etc/iproute2/rt_tables
- ip rule add fwmark 1 table webui
- ip route add default via $DEFAULT_GATEWAY table webui
-
-fi
-
-# identify docker bridge interface name (probably eth0)
- docker_interface=$(netstat -ie | grep -vE "lo|tun|tap" | sed -n '1!p' | grep -P -o -m 1 '^[\w]+')
-if [[ "${DEBUG}" == "true" ]]; then
- echo "[debug] Docker interface defined as ${docker_interface}"
-fi
-
-# identify ip for docker bridge interface
-docker_ip=$(ifconfig "${docker_interface}" | grep -P -o -m 1 '(?<=inet\saddr:)[^\s]+')
-if [[ "${DEBUG}" == "true" ]]; then
- echo "[debug] Docker IP defined as ${docker_ip}"
-fi
-
-# identify netmask for docker bridge interface
-docker_mask=$(ifconfig "${docker_interface}" | grep -P -o -m 1 '(?<=Mask:)[^\s]+')
-if [[ "${DEBUG}" == "true" ]]; then
- echo "[debug] Docker netmask defined as ${docker_mask}"
-fi
-
-# convert netmask into cidr format
-docker_network_cidr=$(ipcalc "${docker_ip}" "${docker_mask}" | grep -P -o -m 1 "(?<=Network:)\s+[^\s]+" | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')
-echo "[info] Docker network defined as ${docker_network_cidr}" | ts '%Y-%m-%d %H:%M:%.S'
-
-# input iptable rules
-###
-
-# set policy to drop ipv4 for input
-iptables -P INPUT DROP
-
-# set policy to drop ipv6 for input
-ip6tables -P INPUT DROP 1>&- 2>&-
-
-# accept input to tunnel adapter
-iptables -A INPUT -i "${VPN_DEVICE_TYPE}" -j ACCEPT
-
-# accept input to/from docker containers (172.x range is internal dhcp)
-iptables -A INPUT -s "${docker_network_cidr}" -d "${docker_network_cidr}" -j ACCEPT
-
-# accept input to vpn gateway
-iptables -A INPUT -i eth0 -p $VPN_PROTOCOL --sport $VPN_PORT -j ACCEPT
-
-# accept input to deluge webui port 8080
-iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
-iptables -A INPUT -i eth0 -p tcp --sport 8080 -j ACCEPT
-
-# process lan networks in the list
-for lan_network_item in "${lan_network_list[@]}"; do
-
- # strip whitespace from start and end of lan_network_item
- lan_network_item=$(echo "${lan_network_item}" | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')
-
- # accept input to deluge daemon port - used for lan access
- iptables -A INPUT -i eth0 -s "${lan_network_item}" -p tcp --dport 8999 -j ACCEPT
-
-done
-
-# accept input icmp (ping)
-iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
-
-# accept input to local loopback
-iptables -A INPUT -i lo -j ACCEPT
-
-# output iptable rules
-###
-
-# set policy to drop ipv4 for output
-iptables -P OUTPUT DROP
-
-# set policy to drop ipv6 for output
-ip6tables -P OUTPUT DROP 1>&- 2>&-
-
-# accept output from tunnel adapter
-iptables -A OUTPUT -o "${VPN_DEVICE_TYPE}" -j ACCEPT
-
-# accept output to/from docker containers (172.x range is internal dhcp)
-iptables -A OUTPUT -s "${docker_network_cidr}" -d "${docker_network_cidr}" -j ACCEPT
-
-# accept output from vpn gateway
-iptables -A OUTPUT -o eth0 -p $VPN_PROTOCOL --dport $VPN_PORT -j ACCEPT
-
-# if iptable mangle is available (kernel module) then use mark
-if [[ $iptable_mangle_exit_code == 0 ]]; then
-
- # accept output from deluge webui port 8112 - used for external access
- iptables -t mangle -A OUTPUT -p tcp --dport 8080 -j MARK --set-mark 1
- iptables -t mangle -A OUTPUT -p tcp --sport 8080 -j MARK --set-mark 1
-
-fi
-
-# accept output from deluge webui port 8112 - used for lan access
-iptables -A OUTPUT -o eth0 -p tcp --dport 8080 -j ACCEPT
-iptables -A OUTPUT -o eth0 -p tcp --sport 8080 -j ACCEPT
-
-# process lan networks in the list
-for lan_network_item in "${lan_network_list[@]}"; do
-
- # strip whitespace from start and end of lan_network_item
- lan_network_item=$(echo "${lan_network_item}" | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')
-
- # accept output to deluge daemon port - used for lan access
- iptables -A OUTPUT -o eth0 -d "${lan_network_item}" -p tcp --sport 8999 -j ACCEPT
-
-done
-
-# accept output for icmp (ping)
-iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
-
-# accept output from local loopback adapter
-iptables -A OUTPUT -o lo -j ACCEPT
-
-echo "[info] iptables defined as follows..." | ts '%Y-%m-%d %H:%M:%.S'
-echo "--------------------"
-iptables -S
-echo "--------------------"
-
-exec /bin/bash /etc/qbittorrent/scripts/start.sh
diff --git a/qbittorrent/scripts/start.sh b/qbittorrent/scripts/start.sh
deleted file mode 100644
index 69036fe..0000000
--- a/qbittorrent/scripts/start.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-set -e
-
-_handler() {
- echo "[warn] Shutdown detected... cleaning up real quick!" | ts '%Y-%m-%d %H:%M:%.S'
- # if config directory exists, apply permissions before exiting
- if [[ -e /config/qBittorrent ]]; then
- echo "[info] qBittorrent directory exists in /config, applying ownership and permissions before exit" | ts '%Y-%m-%d %H:%M:%.S'
- chmod -R 755 /config/qBittorrent
- chown -R 99:100 /config/qBittorrent
- fi
-}
-
-trap _handler SIGINT SIGTERM SIGHUP
-
-echo "[info] Starting qBittorrent daemon..." | ts '%Y-%m-%d %H:%M:%.S'
-/usr/bin/qbittorrent-nox =-profile=/config &
-
-child=$(pgrep -o -x qbittorrent-nox)
-wait "$child"