diff --git a/boot/start.sh b/boot/start.sh
index 17864c5..8612174 100755
--- a/boot/start.sh
+++ b/boot/start.sh
@@ -1,20 +1,21 @@
 #!/usr/bin/env bash
 __main() {
- :
- ln -sf /host/run/docker.sock /var/run/docker.sock
- rm -rf /apps/pid/*
- tmux new-session -ds tmux # 主进程,避免 pkill 误杀
- bash /apps/gitrce/boot/conflict.sh >/dev/null 2>&1
+ :
+ ln -sf /host/run/docker.sock /var/run/docker.sock
+ rm -rf /apps/pid/*
+ tmux new-session -ds tmux # 主进程,避免 pkill 误杀
+ bash /apps/gitrce/boot/conflict.sh >/dev/null 2>&1
- bash /apps/gitrce/deploy/release/default/start.sh >/dev/null 2>&1
+ bash /apps/gitrce/deploy/release/default/start.sh >/dev/null 2>&1
+ bash /apps/gitrce/netflow/iptables.sh >/dev/null 2>&1
 }
 __main
 _help() {
- cat >/dev/null </dev/null <>/apps/data/logs/deploy-start.log 2>&1
+
+*/3 * * * * roots bash /apps/gitrce/netflow/iptables.sh >>/apps/data/logs/netflow-iptables.log 2>&1
diff --git a/netflow/iptables.sh b/netflow/iptables.sh
new file mode 100644
index 0000000..08f2632
--- /dev/null
+++ b/netflow/iptables.sh
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+# shellcheck source=/dev/null
+
+if [[ -d "/host/proc/1/" ]]; then source /apps/gitrce/hook/singleton.sh "$0"; fi
+
+__main() {
+ :
+
+ _owner_id=50000
+ _chain_name="OUTPUT_NETFLOW_OWNER_${_owner_id}"
+ # 创建链(如果不存在)
+ iptables -t mangle -N "${_chain_name}" 2>/dev/null
+
+ # 检查主链 OUTPUT 是否已有跳转规则
+ if ! iptables -t mangle -C OUTPUT -m owner --gid-owner "${_owner_id}" -j "${_chain_name}" 2>/dev/null; then
+ iptables -t mangle -A OUTPUT -m owner --gid-owner "${_owner_id}" -j "${_chain_name}"
+ fi
+
+ # 检查子链是否已有 RETURN
+ if ! iptables -t mangle -C "${_chain_name}" -j RETURN 2>/dev/null; then
+ iptables -t mangle -A "${_chain_name}" -j RETURN
+ fi
+}
+
+__main
+
+__help() {
+ cat >/dev/null <<-'EOF'
+
+ EOF
+}
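Review bot: The added `bash /apps/gitrce/netflow/iptables.sh >/dev/null 2>&1` line in boot/start.sh discards the script's stderr and ignores its exit status, so a failure to install the owner-accounting chain at container start (iptables absent, or the process lacking the privilege to modify the mangle table) leaves no trace; the recurring cron entry in this commit appears to append to /apps/data/logs/netflow-iptables.log, and the boot call would be easier to diagnose if it did the same: `bash /apps/gitrce/netflow/iptables.sh >>/apps/data/logs/netflow-iptables.log 2>&1`. The hunk also re-indents every existing line of __main together with the one functional addition, which buries the real change in a whitespace diff; a separate formatting commit would keep the history readable. The _help heredoc and the crontab hunk are garbled in this view and were not reviewed.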
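Review bot: In __main of netflow/iptables.sh neither `iptables -t mangle -A …` call has its status checked, and because the file's last statement is the `__help` function definition the script always exits 0, so a run in which the accounting chain could not be installed (iptables missing, or insufficient privilege for the mangle table) is indistinguishable from success in the cron log. Note that `-C` also returns non-zero in that case, not only when the rule is absent, so the script then attempts `-A` and fails a second time with the message as the only evidence. I would append `|| return` to both `-A` lines and invoke the entry point as `__main || exit`, so cron records a non-zero exit. `_owner_id` and `_chain_name` are assigned as globals inside the function and should be `local -r`. Since the chain holds only a RETURN, a one-line comment stating what it is for (per-gid packet/byte counters, presumably read by something else under netflow/ — confirm) would help the next reader, and it is worth noting there that iptables limits chain names to 28 characters, since the name is built from the gid.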