docker: iptables wait xtables lock

This commit is contained in:
pexcn 2022-12-11 23:44:46 +08:00
parent 6c13db3e9f
commit d19292e6ab


@ -90,7 +90,7 @@ _revoke_iptables() {
local tun=$(_get_tun_from_args "$@") local tun=$(_get_tun_from_args "$@")
local port=$(_get_port_from_args "$@") local port=$(_get_port_from_args "$@")
local comment="phantun_${tun}_${port}" local comment="phantun_${tun}_${port}"
iptables-save | grep -v "${comment}" | iptables-restore iptables-save | grep -v "${comment}" | iptables-restore -w 10
info "remove iptables rule: [${comment}]" info "remove iptables rule: [${comment}]"
} }
@ -99,7 +99,7 @@ _revoke_ip6tables() {
local tun=$(_get_tun_from_args "$@") local tun=$(_get_tun_from_args "$@")
local port=$(_get_port_from_args "$@") local port=$(_get_port_from_args "$@")
local comment="phantun_${tun}_${port}" local comment="phantun_${tun}_${port}"
ip6tables-save | grep -v "${comment}" | ip6tables-restore ip6tables-save | grep -v "${comment}" | ip6tables-restore -w 10
info "remove ip6tables rule: [${comment}]" info "remove ip6tables rule: [${comment}]"
} }
@ -120,15 +120,15 @@ apply_iptables() {
if _check_rule_by_comment "${comment}"; then if _check_rule_by_comment "${comment}"; then
warn "iptables rule already exist, maybe needs to check." warn "iptables rule already exist, maybe needs to check."
else else
iptables -A FORWARD -i $tun -j ACCEPT -m comment --comment "${comment}" iptables -w 10 -A FORWARD -i $tun -j ACCEPT -m comment --comment "${comment}"
iptables -A FORWARD -o $tun -j ACCEPT -m comment --comment "${comment}" iptables -w 10 -A FORWARD -o $tun -j ACCEPT -m comment --comment "${comment}"
if _is_server_mode "$1"; then if _is_server_mode "$1"; then
info "add iptables DNAT rule: [${comment}]: ${interface} -> ${tun}, ${address} -> ${peer}" info "add iptables DNAT rule: [${comment}]: ${interface} -> ${tun}, ${address} -> ${peer}"
iptables -t nat -A PREROUTING -p tcp -i $interface --dport $port -j DNAT --to-destination $peer \ iptables -w 10 -t nat -A PREROUTING -p tcp -i $interface --dport $port -j DNAT --to-destination $peer \
-m comment --comment "${comment}" || error "iptables DNAT rule add failed." -m comment --comment "${comment}" || error "iptables DNAT rule add failed."
else else
info "add iptables SNAT rule: [${comment}]: ${tun} -> ${interface}, ${peer} -> ${address}" info "add iptables SNAT rule: [${comment}]: ${tun} -> ${interface}, ${peer} -> ${address}"
iptables -t nat -A POSTROUTING -s $peer -o $interface -j SNAT --to-source $address \ iptables -w 10 -t nat -A POSTROUTING -s $peer -o $interface -j SNAT --to-source $address \
-m comment --comment "${comment}" || error "iptables SNAT rule add failed." -m comment --comment "${comment}" || error "iptables SNAT rule add failed."
fi fi
fi fi
@ -147,15 +147,15 @@ apply_ip6tables() {
if _check_rule6_by_comment "${comment}"; then if _check_rule6_by_comment "${comment}"; then
warn "ip6tables rule already exist, maybe needs to check." warn "ip6tables rule already exist, maybe needs to check."
else else
ip6tables -A FORWARD -i $tun -j ACCEPT -m comment --comment "${comment}" ip6tables -w 10 -A FORWARD -i $tun -j ACCEPT -m comment --comment "${comment}"
ip6tables -A FORWARD -o $tun -j ACCEPT -m comment --comment "${comment}" ip6tables -w 10 -A FORWARD -o $tun -j ACCEPT -m comment --comment "${comment}"
if _is_server_mode "$1"; then if _is_server_mode "$1"; then
info "add ip6tables DNAT rule: [${comment}]: ${interface} -> ${tun}, ${address} -> ${peer}" info "add ip6tables DNAT rule: [${comment}]: ${interface} -> ${tun}, ${address} -> ${peer}"
ip6tables -t nat -A PREROUTING -p tcp -i $interface --dport $port -j DNAT --to-destination $peer \ ip6tables -w 10 -t nat -A PREROUTING -p tcp -i $interface --dport $port -j DNAT --to-destination $peer \
-m comment --comment "${comment}" || error "ip6tables DNAT rule add failed." -m comment --comment "${comment}" || error "ip6tables DNAT rule add failed."
else else
info "add ip6tables SNAT rule: [${comment}]: ${tun} -> ${interface}, ${peer} -> ${address}" info "add ip6tables SNAT rule: [${comment}]: ${tun} -> ${interface}, ${peer} -> ${address}"
ip6tables -t nat -A POSTROUTING -s $peer -o $interface -j SNAT --to-source $address \ ip6tables -w 10 -t nat -A POSTROUTING -s $peer -o $interface -j SNAT --to-source $address \
-m comment --comment "${comment}" || error "ip6tables SNAT rule add failed." -m comment --comment "${comment}" || error "ip6tables SNAT rule add failed."
fi fi
fi fi
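Review bot: With `-w 10` a lock timeout now makes each call fail after 10 s, but the two FORWARD rules on the new side of the apply_iptables and apply_ip6tables hunks (`-A FORWARD -i $tun` and `-A FORWARD -o $tun`) carry no `|| error`, so a timed-out append is silently skipped while the NAT rule two lines below aborts the run; append `|| error "iptables FORWARD rule add failed."` (and the ip6tables equivalent) to both lines in each hunk. In the _revoke_iptables and _revoke_ip6tables hunks the `-w 10` only serializes iptables-restore itself: `iptables-save | grep -v "${comment}" | iptables-restore -w 10` still rewrites the whole ruleset, so any rule another process (presumably dockerd, given the commit title) inserts between the save and the restore is silently dropped, and `grep -v` also removes rules whose comment merely contains `${comment}` as a substring (`phantun_tun0_1` also matches `phantun_tun0_10`). Deleting the tagged rules explicitly per table (`iptables -w 10 -t <table> -S` filtered on the exact `--comment "${comment}"` token, then the same rule with `-D`) avoids both problems and keeps the lock held only for the rules this script owns. The enclosing functions begin outside these hunks, and the first two hunks show six lines against a seven-line header count, so one context line each may be missing from this view.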