From acec82950b1afc58beb6d217231c2cf52db858e5 Mon Sep 17 00:00:00 2001
From: Joshua Tauberer
Date: Thu, 1 May 2014 22:39:45 -0400
Subject: [PATCH] docker: disable the ufw firewall because it is not supported in a docker container and produces a lot of error output (by reverting a510e08f9e3b2714019dc7832b1bd7b7eae4ba6c and setting an environment variable)
---
 Dockerfile | 3 +++
 scripts/functions.sh | 6 ++++--
 scripts/system.sh | 17 +++++++++++------
 3 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index f6197210..c60a1649 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -22,6 +22,9 @@ MAINTAINER Joshua Tauberer (http://razor.occams.info)
 ENV PUBLIC_HOSTNAME box.local
 ENV PUBLIC_IP 127.0.123.123
+# Docker-specific Mail-in-a-Box configuration.
+ENV DISABLE_FIREWALL 1
+
 # Our install will fail if SSH is installed and allows password-based authentication.
 RUN DEBIAN_FRONTEND=noninteractive apt-get install -qq -y openssh-server
 RUN sed -i /etc/ssh/sshd_config -e "s/^#PasswordAuthentication yes/PasswordAuthentication no/g"
diff --git a/scripts/functions.sh b/scripts/functions.sh
index f1bcaf28..426f914a 100644
--- a/scripts/functions.sh
+++ b/scripts/functions.sh
@@ -20,7 +20,9 @@ function apt_install {
 }
 function ufw_allow {
- # ufw has completely unhelpful output
- ufw allow $1 > /dev/null;
+ if [ -z "$DISABLE_FIREWALL" ]; then
+ # ufw has completely unhelpful output
+ ufw allow $1 > /dev/null;
+ fi
 }
diff --git a/scripts/system.sh b/scripts/system.sh
index a31be43b..1e7afc28 100755
--- a/scripts/system.sh
+++ b/scripts/system.sh
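Review bot: The comment added above `ENV DISABLE_FIREWALL 1` in the Dockerfile hunk does not say that the variable switches off the firewall setup, which is the security-relevant fact a reader of the image needs. An `ENV` value persists into every container started from the image and into images built on top of it, so the effect is wider than the build itself. I would spell it out, e.g. `# ufw cannot run inside a container, so firewall setup is skipped; exposure is then limited only by the ports the container runtime publishes and by the host's own firewall.`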
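Review bot: The guard `[ -z "$DISABLE_FIREWALL" ]` in `ufw_allow` (scripts/functions.sh) treats any non-empty value as "disabled", so `DISABLE_FIREWALL=0` or `DISABLE_FIREWALL=false` also skips the rule; the same test is used in the scripts/system.sh hunk. For a security control I would fail safe and skip only on the explicit value, `if [ "${DISABLE_FIREWALL:-}" != "1" ]; then`, which also tolerates an unset variable should the scripts ever run under `set -u` (not visible here). While the line is being re-indented, the argument should be quoted as well: `ufw allow "$1" > /dev/null;`.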
@@ -32,9 +32,14 @@ apt_install python3
 apt_install ntp fail2ban
-# Turn on the firewall. First allow incoming SSH, then turn on the firewall.
-# Other ports will be opened at the point where we set up those services.
-apt_install ufw
-ufw_allow ssh;
-ufw --force enable;
-
+if [ -z "$DISABLE_FIREWALL" ]; then
+ # Turn on the firewall. First allow incoming SSH, then turn on the firewall.
+ # Other ports will be opened at the point where we set up those services.
+ #
+ # Various virtualized environments like Docker and some VPSs don't provide
+ # a kernel that supports iptables. To avoid error-like output in these cases,
+ # let us disable the firewall.
+ apt_install ufw
+ ufw_allow ssh;
+ ufw --force enable;
+fi
\ No newline at end of file
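Review bot: When `DISABLE_FIREWALL` is set, the new `if` block in scripts/system.sh skips installing and enabling ufw without printing anything, so an operator who sets it on a VPS (which the new comment names as a use case) ends up with no host firewall and no trace of that in the setup output. An `else` branch that says so once keeps the output quiet but makes the state visible: `else` followed by `echo "WARNING: DISABLE_FIREWALL is set; ufw was not installed or enabled." >&2`. The explanation about Docker and VPS kernels also sits inside the branch that runs when the firewall is enabled; it would read better above the `if`. fail2ban is still installed on the context line above, and if its ban action depends on iptables in this setup it would presumably be ineffective in the same environments, which is worth confirming.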