diff --git a/firewall/Dockerfile b/firewall/Dockerfile deleted file mode 100644 index 810c851..0000000 --- a/firewall/Dockerfile +++ /dev/null @@ -1,12 +0,0 @@ -FROM golang:latest -MAINTAINER Jessica Frazelle - -RUN go get github.com/Sirupsen/logrus -RUN go get github.com/coreos/go-etcd/etcd - -ADD ./main.go /src/main.go - -WORKDIR /src -RUN go build -o firewall main.go - -RUN ls diff --git a/firewall/main.go b/firewall/main.go deleted file mode 100644 index 4132eaf..0000000 --- a/firewall/main.go +++ /dev/null @@ -1,156 +0,0 @@ -package main - -import ( - "bytes" - "encoding/json" - "fmt" - "os" - "os/exec" - - "github.com/Sirupsen/logrus" - "github.com/coreos/go-etcd/etcd" -) - -var ( - iface string - logger = logrus.New() -) - -type port struct { - Port int `json:"port"` - Proto string `json:"proto"` -} - -// flush the provied chain -func flush(chain string) { - cmd := exec.Command("iptables", "-F", chain) - - out, err := cmd.CombinedOutput() - if err != nil { - logger.WithField("error", err).Errorf("flushing %s: %s", chain, out) - } -} - -func fetchIPs(client *etcd.Client) ([]string, error) { - resp, err := client.Get("/firewall/ips", false, false) - if err != nil { - return nil, err - } - - var out []string - if err := json.Unmarshal([]byte(resp.Node.Value), &out); err != nil { - return nil, err - } - - return out, nil -} - -func fetchPorts(client *etcd.Client) ([]port, error) { - resp, err := client.Get("/firewall/ports", false, false) - if err != nil { - return nil, err - } - - var out []port - if err := json.Unmarshal([]byte(resp.Node.Value), &out); err != nil { - return nil, err - } - - return out, nil -} - -func process(client *etcd.Client) error { - flush("INPUT") - logger.Info("flushed existing rules") - - ips, err := fetchIPs(client) - if err != nil { - return err - } - - ports, err := fetchPorts(client) - if err != nil { - return err - } - - for _, p := range ports { - if err := apply(ips, p.Port, p.Proto); err != nil { - return err - } - } - - logrus.Info("created updated rules") - - return nil -} - -// iptables -A INPUT -i eth0 -p tcp --dport 8080 -j DROP -// iptables -I INPUT -i eth0 -s 127.0.0.1 -p tcp --dport 8080 -j ACCEPT -func apply(ips []string, port int, proto string) error { - // process the DROP rule - if err := iptables("-A", "INPUT", "-i", iface, "-p", proto, "--dport", fmt.Sprint(port), "-j", "DROP"); err != nil { - return err - } - - for _, a := range ips { - if err := iptables("-I", "INPUT", "-i", iface, "-s", a, "-p", proto, "--dport", fmt.Sprint(port), "-j", "ACCEPT"); err != nil { - return err - } - } - - return nil -} - -func iptables(args ...string) error { - cmd := exec.Command("iptables", args...) - - out, err := cmd.CombinedOutput() - if err != nil { - if bytes.Contains(out, []byte("does a matching rule exist in that chain?")) { - return nil - } - logger.WithField("error", err).Errorf("iptables %s", out) - - return err - } - - return nil -} - -func processLoop(client *etcd.Client, update chan *etcd.Response) { - for resp := range update { - logger.WithField("key", resp.Node.Key).Info("processing updated rules") - - if err := process(client); err != nil { - logger.WithField("error", err).Error("add new iptables rules") - } - } -} - -func main() { - machine := os.Getenv("ETCD") - logger.Infof("connecting to %s", machine) - - client := etcd.NewClient([]string{machine}) - - resp, err := client.Get("/firewall/interface", false, false) - if err != nil { - logger.Fatal(err) - } - - iface = resp.Node.Value - if iface == "" { - logger.Fatal("invalid interface to restrict") - } - - if err := process(client); err != nil { - logger.Fatal(err) - } - - update := make(chan *etcd.Response) - go processLoop(client, update) - - if _, err := client.Watch("/firewall", 0, true, update, nil); err != nil { - logger.Error(err) - } -} diff --git a/irssi/Dockerfile b/irssi/Dockerfile deleted file mode 100644 index 023313a..0000000 --- a/irssi/Dockerfile +++ /dev/null @@ -1,23 +0,0 @@ -# irssi with notifications -# -# docker run -it --rm \ -# -v /etc/timezone:/etc/timezone \ -# -v /etc/localtime:/etc/localtime \ -# -v /home/jessie/.irssi:/root/.irssi \ -# -v /tmp/.X11-unix:/tmp/.X11-unix \ -# -e DISPLAY=unix$DISPLAY \ -# jess/irssi - -FROM debian:jessie -MAINTAINER Jessica Frazelle - -ENV LANG C.UTF-8 - -RUN apt-get update && apt-get install -y \ - irssi \ - libdatetime-perl \ - libnotify-bin \ - libwww-perl \ - --no-install-recommends - -CMD [ "irssi" ]