add theme to wordpress docker container

2020-04-01 18:10:21 +02:00 · 2020-04-01 18:10:21 +02:00 · 0e780362d8
commit 0e780362d8
parent 6513531dd5
6 changed files with 152 additions and 9 deletions
--- a/dist/nftables.conf
+++ b/dist/nftables.conf
@ -0,0 +1,45 @@
+#!/usr/bin/nft -f
+# /etc/nftables.conf
+
+table inet filter {
+  chain input {
+    type filter hook input priority 0;
+
+    # allow established/related connections
+    ct state {established, related} counter accept
+
+    # early drop of invalid connections
+    ct state invalid counter drop
+
+    # allow from loopback
+    iifname lo counter accept
+
+    # allow icmp
+    ip protocol icmp counter accept
+    ip6 nexthdr icmpv6 counter accept
+
+    # allow ssh
+    # tcp dport ssh counter accept
+
+    # everything else
+    counter reject with icmp type port-unreachable
+  }
+  chain forward {
+    type filter hook forward priority 0;
+#    drop
+  }
+  chain output {
+    type filter hook output priority 0;
+  }
+
+}
+
+table ip nat {
+  chain prerouting {
+    type nat hook prerouting priority 0;
+  }
+  chain postrouting {
+    type nat hook postrouting priority 0;
+    oifname "wlan0" counter masquerade
+  }
+}
--- a/dist/nftables.conf.notes
+++ b/dist/nftables.conf.notes
@ -0,0 +1,2 @@
+
+https://gist.github.com/dearing/9388218f3c6ef6e48114
--- a/dist/nftables2.conf
+++ b/dist/nftables2.conf
@ -0,0 +1,71 @@
+#!/usr/sbin/nft -f
+
+define docker_v4 = 172.17.0.0/16
+define docker_v6 = fcdd::/48
+
+# start with a clean slate
+flush ruleset
+
+table inet filter {
+  chain input {
+    # default input policy is drop
+    type filter hook input priority 50; policy drop;
+
+    # accept any localhost traffic
+    iif "lo" accept
+
+    # accept any docker traffic
+    ip saddr $docker_v4 accept
+    ip6 saddr $docker_v6 accept
+
+    # accept any icmp traffic
+    ip protocol icmp accept
+    ip6 nexthdr ipv6-icmp accept
+
+    # accept any established connection traffic
+    ct state established,related accept
+  }
+
+  chain forward {
+    # default forward policy is drop
+    type filter hook forward priority 50; policy drop;
+
+    # accept any docker traffic going to the internet
+    ip saddr $docker_v4 oif eth0 accept
+    ip6 saddr $docker_v6 oif eth0 accept
+
+    # accept any established connection traffic
+    ct state established,related accept
+  }
+
+  chain output {
+    # default output policy is accept
+    type filter hook output priority 50; policy accept;
+  }
+}
+
+table ip nat {
+  chain prerouting {
+    type nat hook prerouting priority 0;
+  }
+
+  chain postrouting {
+    type nat hook postrouting priority 100;
+
+    # apply source nat for docker traffic to the internet
+    ip saddr $docker_v4 oif eth0 masquerade
+  }
+}
+
+table ip6 nat {
+  chain prerouting {
+    type nat hook prerouting priority 0;
+  }
+
+  chain postrouting {
+    type nat hook postrouting priority 100;
+
+    # apply source nat for docker traffic to the internet
+    ip6 saddr $docker_v6 oif eth0 masquerade
+  }
+}
				`@ -0,0 +1,2 @@`

				`https://gist.github.com/dearing/9388218f3c6ef6e48114`