zhanj/claude-code
1
0
Fork 0
mirror of https://github.com/anthropics/claude-code.git synced 2026-04-16 07:42:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

simplify Docker DNS restoration using grep and xargs approach

Browse Source
This commit is contained in:
shota-0129
2025-07-30 14:22:15 +09:00
parent 8b2cbe3f86
commit 78e0785950
1 changed files with 10 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
.devcontainer/init-firewall.sh
View File

@@ -2,9 +2,8 @@
set -euo pipefail # Exit on error, undefined vars, and pipeline failures set -euo pipefail # Exit on error, undefined vars, and pipeline failures
IFS=$'\n\t' # Stricter word splitting IFS=$'\n\t' # Stricter word splitting
# Extract Docker DNS ports before cleanup (for protection) # 1. Extract Docker DNS info BEFORE any flushing
TCP_PORT=$(iptables -t nat -L DOCKER_OUTPUT -n 2>/dev/null | grep 'tcp.*to:127.0.0.11:' | sed 's/.*127\.0\.0\.11://g' | cut -d' ' -f1 || echo "") DOCKER_DNS_RULES=$(iptables-save -t nat | grep "127\.0\.0\.11")
UDP_PORT=$(iptables -t nat -L DOCKER_OUTPUT -n 2>/dev/null | grep 'udp.*to:127.0.0.11:' | sed 's/.*127\.0\.0\.11://g' | cut -d' ' -f1 || echo "")
# Flush existing rules and delete existing ipsets # Flush existing rules and delete existing ipsets
iptables -F iptables -F
@@ -15,17 +14,14 @@ iptables -t mangle -F
iptables -t mangle -X iptables -t mangle -X
ipset destroy allowed-domains 2>/dev/null || true ipset destroy allowed-domains 2>/dev/null || true
# Restore Docker DNS NAT rules if they existed # 2. Selectively restore ONLY internal Docker DNS resolution
if [ -n "$TCP_PORT" ] && [ -n "$UDP_PORT" ]; then if [ -n "$DOCKER_DNS_RULES" ]; then
echo "Restoring Docker DNS with TCP:$TCP_PORT, UDP:$UDP_PORT" echo "Restoring Docker DNS rules..."
iptables -t nat -N DOCKER_OUTPUT iptables -t nat -N DOCKER_OUTPUT 2>/dev/null || true
iptables -t nat -N DOCKER_POSTROUTING iptables -t nat -N DOCKER_POSTROUTING 2>/dev/null || true
iptables -t nat -A OUTPUT -d 127.0.0.11/32 -j DOCKER_OUTPUT echo "$DOCKER_DNS_RULES" | xargs -L 1 iptables -t nat
iptables -t nat -A POSTROUTING -d 127.0.0.11/32 -j DOCKER_POSTROUTING else
iptables -t nat -A DOCKER_OUTPUT -d 127.0.0.11/32 -p tcp -j DNAT --to-destination 127.0.0.11:$TCP_PORT echo "No Docker DNS rules to restore"
iptables -t nat -A DOCKER_OUTPUT -d 127.0.0.11/32 -p udp -j DNAT --to-destination 127.0.0.11:$UDP_PORT
iptables -t nat -A DOCKER_POSTROUTING -s 127.0.0.11/32 -p tcp -j SNAT --to-source :53
iptables -t nat -A DOCKER_POSTROUTING -s 127.0.0.11/32 -p udp -j SNAT --to-source :53
fi fi
# First allow DNS and localhost before any restrictions # First allow DNS and localhost before any restrictions