7x31
/
mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Revert "add nftables support" 

This reverts commit 85c9606baa.
This commit is contained in:
amorfo77 2023-02-10 18:14:52 +01:00
parent 85c9606baa
commit 0ca78be006
6 changed files with 2 additions and 1130 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
data/Dockerfiles/netfilter/Dockerfile
View File

@ -1,8 +1,6 @@
FROM alpine:3.17 FROM alpine:3.17
LABEL maintainer "Andre Peters <andre.peters@servercow.de>" LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
WORKDIR /app
ENV XTABLES_LIBDIR /usr/lib/xtables ENV XTABLES_LIBDIR /usr/lib/xtables
ENV PYTHON_IPTABLES_XTABLES_VERSION 12 ENV PYTHON_IPTABLES_XTABLES_VERSION 12
ENV IPTABLES_LIBDIR /usr/lib ENV IPTABLES_LIBDIR /usr/lib
@ -16,13 +14,10 @@ RUN apk add --virtual .build-deps \
iptables \ iptables \
ip6tables \ ip6tables \
xtables-addons \ xtables-addons \
nftables \
tzdata \ tzdata \
py3-pip \ py3-pip \
py3-nftables \
musl-dev \ musl-dev \
&& pip3 install --ignore-installed --upgrade pip \ && pip3 install --ignore-installed --upgrade pip \
jsonschema \
python-iptables \ python-iptables \
redis \ redis \
ipaddress \ ipaddress \
@ -31,10 +26,5 @@ RUN apk add --virtual .build-deps \
# && pip3 install --upgrade pip python-iptables==0.13.0 redis ipaddress dnspython \ # && pip3 install --upgrade pip python-iptables==0.13.0 redis ipaddress dnspython \
COPY server.py /app/ COPY server.py /
COPY server-nft.py /app/ CMD ["python3", "-u", "/server.py"]
COPY ./netfilter.sh /app/
RUN chmod +x /app/netfilter.sh
CMD ["/bin/sh", "/app/netfilter.sh"]

11
data/Dockerfiles/netfilter/netfilter.sh
View File

@ -1,11 +0,0 @@
#!/bin/sh
server_to_use="server.py"
if [ -n "$USE_NFTABLES" ]; then
if echo "$USE_NFTABLES" | grep -Eq "^[yY]$"; then
server_to_use="server-nft.py"
fi
fi
exec python -u ${server_to_use}

1101
data/Dockerfiles/netfilter/server-nft.py
View File

File diff suppressed because it is too large Load Diff

1
data/Dockerfiles/netfilter/server.py
View File

@ -531,7 +531,6 @@ def initChain():
if __name__ == '__main__': if __name__ == '__main__':
logInfo("Using Iptables backend")
# In case a previous session was killed without cleanup # In case a previous session was killed without cleanup
clear() clear()
# Reinit MAILCOW chain # Reinit MAILCOW chain

1
docker-compose.yml
View File

@ -441,7 +441,6 @@ services:
- IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64} - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
- SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n} - SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
- SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n} - SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
- USE_NFTABLES=${USE_NFTABLES:-n}
- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-} - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-} - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
network_mode: "host" network_mode: "host"

4
generate_config.sh
View File

@ -394,10 +394,6 @@ IPV6_NETWORK=fd4d:6169:6c63:6f77::/64
#SNAT6_TO_SOURCE= #SNAT6_TO_SOURCE=
# Use this variable if you want to use Nftables instead of Iptables in the netfilter container
#USE_NFTABLES=
# Create or override an API key for the web UI # Create or override an API key for the web UI
# You _must_ define API_ALLOW_FROM, which is a comma separated list of IPs # You _must_ define API_ALLOW_FROM, which is a comma separated list of IPs
# An API key defined as API_KEY has read-write access # An API key defined as API_KEY has read-write access