Added ip6tables & fixed sudo permissions

Added ip6tables to container, updated sudo permissions

Author: SloCompTech

CHANGELOG.md

@@ -1,12 +1,13 @@
 # Changelog
 
-### 1.0.5 - Bugfix, finish hook, persistent interface, no firewall
+### 1.0.5 - Bugfix, finish hook, persistent interface, no firewall ...
 
 - Fixed bug when running hooks (#3)
 - Added **finish** hook (which runs just before container exit)
 - Added **persistent interface** option, so interface is persistently present on device (if using host networking mode) and firewall setup rules are executed **only once** (no ip tables mess) (#1)
 - Logging chaned to stdout, no more log file by default
 - Added **firewall disable** feature to disable all firewall related modifications
+- Added `ìp6tables` & more permissions to *ip utils*
 
 ### 1.0.4 - IPv6 docs, improved wizards
 

Dockerfile

@@ -55,15 +55,18 @@ ENV PATH="/app/bin:$PATH" \
 RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/main/" >> /etc/apk/repositories && \
     apk add --no-cache \
     # Core packages
-    bash sudo iptables git openvpn easy-rsa && \
+    bash sudo iptables ip6tables git openvpn easy-rsa && \
     # Link easy-rsa in bin directory
     ln -s ${EASYRSA}/easyrsa /usr/local/bin && \
     # Link python3 also as python
     ln -s /usr/bin/python3 /usr/bin/python && \
     # Remove any temporary files created by apk
     rm -rf /tmp/* /var/tmp/* /var/cache/apk/* /var/cache/distfiles/* && \
     # Add permission for network management to user abc
-    echo "abc ALL=(ALL) NOPASSWD: /sbin/ip, /sbin/iptables" >> /etc/sudoers
+    echo "abc ALL=(ALL) NOPASSWD: /sbin/ip, /sbin/ip6tables, /sbin/ip6tables-compat, /sbin/ip6tables-compat-restore, /sbin/ip6tables-compat-save, /sbin/ip6tables-restore, /sbin/ip6tables-restore-translate, \
+        /sbin/ip6tables-save, /sbin/ip6tables-translate, /sbin/iptables, /sbin/iptables-compat, /sbin/iptables-compat-restore, /sbin/iptables-compat-save, \
+        /sbin/iptables-restore, /sbin/iptables-restore-translate, /sbin/iptables-save, /sbin/iptables-translate, /sbin/route" \
+        >> /etc/sudoers.d/abc
 
 # Add repo files to image
 COPY root/ /

root/defaults/example/README.md

@@ -94,4 +94,4 @@ Hooks are located in `hook` directory. Please follow hook guidelines:
     - What this hook does
     - Setttings with comments and an example settings values
 
-**Note:** All hooks run as non-root user so instead of using `ip` and `iptables` use `ovpn-ip` and `ovpn-iptables`.
+**Note:** All hooks run as non-root user so instead of using `ip` and `iptables` use `ovpn-ip`, `ovpn-iptables`, `ovpn-ip6tables` (see [/root/usr/local/sbin](/usr/local/sbin)).

root/usr/local/sbin/ovpn-ip6tables

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+#
+# Modify iptables without root user
+#
+sudo /sbin/ip6tables "$@"

root/usr/local/sbin/ovpn-route

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+#
+# Modify iptables without root user
+#
+sudo /sbin/route "$@"