Firewall in Docker

tasiomendez · Jan 17, 2018 · a8f2ed0 · a8f2ed0
1 parent 8537c48
commit a8f2ed0
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 59 deletions.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -12,6 +12,7 @@ services:
 
   lb:
     build: docker/lb
+    privileged: true
     ports:
       - '8081:8001'
       - '8080:80'
@@ -29,8 +30,8 @@ services:
     environment:
       DATABASE_URL: 'postgres://crm:xxxx@bbdd:5432/crm'
     networks:
-      - LAN4
       - LAN3
+      - LAN4
     depends_on:
       - nas1
       - nas2
@@ -44,8 +45,8 @@ services:
     environment:
       DATABASE_URL: 'postgres://crm:xxxx@bbdd:5432/crm'
     networks:
-      - LAN4
       - LAN3
+      - LAN4
     depends_on:
       - s1
       - nas1
@@ -60,8 +61,8 @@ services:
     environment:
       DATABASE_URL: 'postgres://crm:xxxx@bbdd:5432/crm'
     networks:
-      - LAN4
       - LAN3
+      - LAN4
     depends_on:
       - s1
       - nas1
@@ -92,7 +93,7 @@ services:
       - LAN4
 
 networks:
-  LAN4:
-    driver: bridge
   LAN3:
     driver: bridge
+  LAN4:
+    driver: bridge
diff --git a/docker/fw/Dockerfile b/docker/fw/Dockerfile
diff --git a/docker/lb/Dockerfile b/docker/lb/Dockerfile
@@ -1,15 +1,19 @@
 FROM ubuntu:17.04
 
 RUN apt-get update
-RUN apt-get install -y build-essential wget
+RUN apt-get install -y build-essential wget ufw
 
 RUN wget --no-check-certificate https://crossroads.e-tunity.com/downloads/versions/crossroads-2.81.tar.gz
 RUN tar -xvf crossroads-2.81.tar.gz
 WORKDIR crossroads-2.81
 
 RUN make install 
 
+# Configure local firewall
+RUN sed -i "s/IPV6=yes/IPV6=no/" /etc/default/ufw
+
 EXPOSE 8001
 EXPOSE 80
 
-CMD xr --server tcp:0:80 -dr --backend s1:3000 --backend s2:3000 --backend s3:3000 --web-interface 0:8001 
+CMD bash -c "ufw enable && ufw allow 80/tcp && ufw allow 8001/tcp; \
+			 xr --server tcp:0:80 -dr --backend s1:3000 --backend s2:3000 --backend s3:3000 --web-interface 0:8001"