Add ip6tables setup to the Docker entrypoint

jviide · jviide · commit a7593881cc44 · 2018-05-23T00:59:45.000+09:00
diff --git a/Dockerfile b/Dockerfile
@@ -5,7 +5,7 @@ COPY . .
 RUN go build -o /tracetrout -ldflags='-s -w'
 
 FROM alpine:3.7
-RUN apk add --no-cache iptables libnetfilter_queue
+RUN apk add --no-cache iptables ip6tables libnetfilter_queue
 WORKDIR /tracetrout
 COPY entrypoint.sh .
 COPY --from=builder /tracetrout .
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -1,13 +1,15 @@
 set -e
 
-iptables -A INPUT -t mangle -j CONNMARK --restore-mark
-iptables -A INPUT -t mangle -m mark ! --mark 0 -j ACCEPT
-iptables -A INPUT -t mangle -p tcp --dport "${PORT}" -j MARK --set-mark 0x10000
-iptables -A INPUT -t mangle -p tcp --dport "${PORT}" -j MARK --or-mark "${FILTER_QUEUE}"
-iptables -A INPUT -t mangle -j CONNMARK --save-mark
-iptables -A OUTPUT -t mangle -j CONNMARK --restore-mark
+for CMD in iptables ip6tables; do
+  "${CMD}" -A INPUT -t mangle -j CONNMARK --restore-mark
+  "${CMD}" -A INPUT -t mangle -m mark ! --mark 0 -j ACCEPT
+  "${CMD}" -A INPUT -t mangle -p tcp --dport "${PORT}" -j MARK --set-mark 0x10000
+  "${CMD}" -A INPUT -t mangle -p tcp --dport "${PORT}" -j MARK --or-mark "${FILTER_QUEUE}"
+  "${CMD}" -A INPUT -t mangle -j CONNMARK --save-mark
+  "${CMD}" -A INPUT -m mark --mark 0x10000/0xffff0000 -m mark --mark "${FILTER_QUEUE}/0xffff" -j NFQUEUE --queue-num "${FILTER_QUEUE}"
 
-iptables -A INPUT -m mark --mark 0x10000/0xffff0000 -m mark --mark "${FILTER_QUEUE}/0xffff" -j NFQUEUE --queue-num "${FILTER_QUEUE}"
-iptables -A OUTPUT -m mark --mark 0x10000/0xffff0000 -m mark --mark "${FILTER_QUEUE}/0xffff" -j NFQUEUE --queue-num "${FILTER_QUEUE}"
+  "${CMD}" -A OUTPUT -t mangle -j CONNMARK --restore-mark
+  "${CMD}" -A OUTPUT -m mark --mark 0x10000/0xffff0000 -m mark --mark "${FILTER_QUEUE}/0xffff" -j NFQUEUE --queue-num "${FILTER_QUEUE}"
+done
 
-$@
+$@
