
Commit 8d01ce2

committed
Persistent iptalbes rules
1 parent 52fe14c commit 8d01ce2


1 file changed

+44
-0
lines changed


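--- a/teepod/src/setup-user.sh
+++ b/teepod/src/setup-user.sh
@@ -84,6 +84,7 @@ if [[ -z "$USERNAME" ]]; then
 fi
 
 CHAIN_NAME="DSTACK_SANDBOX_${USERNAME}"
+RULES_FILE="/etc/iptables/dstack-rules-${USERNAME}.v4"
 
 # Create the user if it doesn't exist
 if ! id -u $USERNAME >/dev/null 2>&1; then
@@ -107,6 +108,8 @@ if iptables -L $CHAIN_NAME >/dev/null 2>&1; then
 echo "Removed iptables chain $CHAIN_NAME"
 fi
 
+rm -f $RULES_FILE
+
 if [ "$NO_FW" = true ]; then
 echo "Skipping firewall rules setup"
 exit 0
@@ -143,4 +146,45 @@ if ! iptables -C OUTPUT -o lo -m owner --uid-owner $USERNAME -j $CHAIN_NAME 2>/d
 iptables -I OUTPUT -o lo -m owner --uid-owner $USERNAME -j $CHAIN_NAME
 fi
 
+# Make iptables rules persistent
+if command -v iptables-save >/dev/null 2>&1; then
+echo "Saving iptables rules to make them persistent"
+
+if [ -d "/etc/iptables" ]; then
+# Debian/Ubuntu style
+iptables-save >$RULES_FILE
+echo "Rules saved to $RULES_FILE"
+else
+# Fallback method
+mkdir -p /etc/iptables
+iptables-save >$RULES_FILE
+
+# Create a systemd service to load rules at boot if it doesn't exist
+if [ ! -f "/etc/systemd/system/iptables-restore.service" ]; then
+cat >/etc/systemd/system/iptables-restore.service <<EOF
+[Unit]
+Description=Restore iptables firewall rules
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/bin/bash -c 'for f in /etc/iptables/*.v4; do /sbin/iptables-restore "$f"; done'
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl daemon-reload
+systemctl enable iptables-restore.service
+echo "Created and enabled iptables-restore.service"
+fi
+
+echo "Rules saved to $RULES_FILE"
+fi
+else
+echo "Warning: iptables-save not found. Rules will not persist after reboot."
+echo "Please install iptables-persistent package or equivalent for your distribution."
+fi
+
 echo "Setup completed for user $USERNAME"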
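Review bot: The unit file written by the unquoted heredoc at line 164 has `$f` expanded by this script rather than by the service, so the ExecStart line lands on disk as `/sbin/iptables-restore ""` (or aborts outright if the script runs under `set -u`) and the sandbox rules are never restored at boot; quote the delimiter, `cat >/etc/systemd/system/iptables-restore.service <<'EOF'`. Separately, `iptables-save` at lines 155 and 160 dumps the whole ruleset rather than just `$CHAIN_NAME`, so each `dstack-rules-<user>.v4` is a full snapshot: the boot loop at line 172 replaces the tables once per file in glob order, the last file wins, and a user's chain removed together with its file at line 111 comes back from any snapshot taken while it still existed. On the Debian/Ubuntu branch the file is also not one iptables-persistent loads by default (it reads `/etc/iptables/rules.v4`), so that path only appears to persist and the "Rules saved" message at line 156 is misleading. A more consistent approach would be to write a single `iptables-save >/etc/iptables/rules.v4` after every change to the chain (including after the removal above) and have the fallback service restore that one file; `$RULES_FILE` should also be double-quoted at lines 111, 155 and 160.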
