added docker.io

functionland · Jan 12, 2025 · 0754295 · 0754295
1 parent 289164a
commit 0754295
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 3 deletions.
diff --git a/docker/fxsupport/linux/firewall.sh b/docker/fxsupport/linux/firewall.sh
@@ -233,8 +233,11 @@ is_valid_ipv6() {
 
 valid_domains=(
     "index.docker.io" 
-    "hub.docker.com" 
-    "registry-1.docker.io" 
+    "docker.io"
+    "docker.com"
+    "hub.docker.com"
+    "docs.docker.com"
+    "registry-1.docker.io"
     "production.cloudflare.docker.com"
     "download.docker.com"
     "github.com" 
@@ -288,9 +291,18 @@ done
 iptables -A INPUT -i docker0 -j ACCEPT
 iptables -A OUTPUT -o docker0 -j ACCEPT
 
+iptables -A INPUT -p tcp --dport 2375 -j ACCEPT
+iptables -A INPUT -p tcp --dport 2376 -j ACCEPT
+
+iptables -A OUTPUT -j DROP
+iptables -A INPUT -j DROP
+
 ip6tables -A INPUT -i docker0 -j ACCEPT
 ip6tables -A OUTPUT -o docker0 -j ACCEPT
 
+ip6tables -A OUTPUT -j DROP
+ip6tables -A INPUT -j DROP
+
 # Save rules
 if ! iptables-save > /etc/iptables/rules.v4; then
     echo "Failed to save IPv4 rules"

diff --git a/docker/fxsupport/linux/fula.sh b/docker/fxsupport/linux/fula.sh
@@ -835,7 +835,7 @@ function restart() {
   fi
 
   if [ ! -f ${SYSTEMD_PATH}/firewall.service ];then
-    setup_firewall || { echo "Error setting up firewall" | sudo tee -a $FULA_LOG_PATH; } || true
+    #setup_firewall || { echo "Error setting up firewall" | sudo tee -a $FULA_LOG_PATH; } || true
   fi
 
   setup_logrotate $FULA_LOG_PATH || { echo "Error setting up logrotate" | sudo tee -a $FULA_LOG_PATH; } || true