Firewall setup for Cesappd
In order for cesappd
to be used by the Dogus, a firewall rule must be set up.
This happens automatically** when installing cesappd and there are no manual steps necessary.
However, for the mechanism to work, ufw must be installed before installation.
A firewall rule is then built in to allow all access from the dogus docker network to the
host (port 50051).
However, if the firewall rule setup fails, for cesappd to work correctly, it must be it has to be created manually. For this, the address of the Docker network of the Dogus must be found out first. This script can be used to find out what the address of the network is:
function get_gateway_network() {
NETWORK="cesnet1"
DRIVER=$(docker network inspect ${NETWORK} -f '{{.Driver}}')
if [ "${DRIVER}" == "overlay" ]; then
NETWORK="docker_gwbridge"
fi
echo "${NETWORK}"
}
GW_NETWORK="$(get_gateway_network)"
docker network inspect "${GW_NETWORK}" -f '{{(index .IPAM.Config 0).Subnet}}'
Beispiel-Ausgabe: 172.18.0.0/16
This network address can then be used to create a firewall rule.
Using the example of ufw, the call then looks like this: ufw allow from 172.18.0.0/16 to any port 50051
.
If a firewall other than ufw
is used, a corresponding rule must be created for this firewall.
Otherwise, cesappd cannot be used by dogus.