Fixing firewall rules for ssh and http git clone

2015-05-26 15:50:46 +02:00
parent 47d56e2fbd
commit 1beec497f8
3 changed files with 11 additions and 3 deletions
--- a/tmpl/51-gogs-nat_rules
+++ b/tmpl/51-gogs-nat_rules
@ -3,7 +3,7 @@
 #
 # Rules for SSH git clone
 #
-/sbin/iptables -A eth0-cont -s 0/0 -p tcp --syn --dport %%git_ssh_port -d %%container_ip_forge -j ACCEPT
+/sbin/iptables -A eth0-cont -d 192.0.2.101/32 -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
 %if %%getVar('mode_conteneur_actif','non') == 'oui'
-/sbin/iptables -t nat -A PREROUTING -i eth0 -s 0/0 -p tcp --syn --dport %%git_ssh_port -j DNAT --to-destination %%container_ip_forge:%%git_ssh_port
+/sbin/iptables -t nat -A PREROUTING -i eth0 -s 0/0 -p tcp --syn --dport %%git_ssh_port -j DNAT --to-destination %%container_ip_forge:22
 %end if
--- a/tmpl/gogs.conf
+++ b/tmpl/gogs.conf
@ -17,7 +17,11 @@ PROTOCOL = https
 %if %%getVar('activer_revprox','non') == 'oui'
 DOMAIN = localhost
 %else
-DOMAIN = %%container_ip_forge
+  %if %%getVar('gogs_web_name', 'X-X-X-X') == 'X-X-X-X'
+DOMAIN = %%adresse_ip_eth0
+  %else
+DOMAIN = %%gogs_web_name
+  %end if 
 %end if
 ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
 HTTP_ADDR =