Add RUN.md quick reference; fix status display in firewall script

- RUN.md: start/stop/inspect/smoke-test commands for the hardened
  DeerFlow stack on data-nuc, including the docker compose -f overlay
  invocation and a copy-paste smoke test that verifies allow + block
  destinations from inside the container.

- scripts/deerflow-firewall.sh: status now uses iptables -nvL so the
  input-interface column is included, and the awk filter shows the
  header plus all rules matching br-deerflow. The previous version
  used -nL which omits the interface column entirely, so the grep
  found nothing even when the rules were correctly installed.
2026-04-12 15:19:47 +02:00
parent 75315d958e
commit 7f3f9bff6e
2 changed files with 115 additions and 2 deletions
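The commit message describes the status filter and why the old `-nL` listing defeated it. The following is an added example, not code from the repository: it runs the same awk filter over constructed `iptables -nvL` and `iptables -nL` listings so the difference can be checked without root or a live firewall. The chain contents, counters and bridge name `br-deerflow` are constructed sample data.

```shell
#!/bin/sh
# Added example, not part of scripts/deerflow-firewall.sh. It applies the
# status filter from the commit to constructed iptables listings so the
# behaviour can be reproduced offline.

BRIDGE="br-deerflow"

# Constructed sample of `iptables -w -nvL DOCKER-USER --line-numbers`.
# The "in"/"out" interface columns only appear with -v.
SAMPLE_NVL='Chain DOCKER-USER (1 references)
num   pkts bytes target     prot opt in          out     source               destination
1       12   720 ACCEPT     all  --  br-deerflow *       0.0.0.0/0            10.0.0.5
2        0     0 DROP       all  --  br-deerflow *       0.0.0.0/0            0.0.0.0/0
3      100  6000 RETURN     all  --  *           *       0.0.0.0/0            0.0.0.0/0'

# Constructed sample of the same chain listed with -nL: no counters and,
# crucially, no interface columns, so the bridge name never appears.
SAMPLE_NL='Chain DOCKER-USER (1 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            10.0.0.5
2    DROP       all  --  0.0.0.0/0            0.0.0.0/0
3    RETURN     all  --  0.0.0.0/0            0.0.0.0/0'

# Filter used by the new cmd_status: keep the two header lines (chain name
# and column names) plus every line mentioning the bridge.
filter_bridge_rules() {
  awk -v b="$1" 'NR<=2 || $0 ~ b'
}

# Number of rule lines (header excluded) the filter reports for a bridge.
# Usage: count_bridge_rules <bridge> <listing-text>
count_bridge_rules() {
  printf '%s\n' "$2" | filter_bridge_rules "$1" | awk 'NR>2' | wc -l | tr -d ' '
}

# Number of header lines that survive the filter (should always be 2).
count_header_lines() {
  printf '%s\n' "$2" | filter_bridge_rules "$1" | awk 'NR<=2' | wc -l | tr -d ' '
}

# Stand-alone demonstration: with -nvL output the two bridge rules are
# found; with -nL output only the header survives, which is the bug the
# commit fixes.
echo "rules matching $BRIDGE in -nvL listing: $(count_bridge_rules "$BRIDGE" "$SAMPLE_NVL")"
echo "rules matching $BRIDGE in -nL listing:  $(count_bridge_rules "$BRIDGE" "$SAMPLE_NL")"
```

Feed real output into `filter_bridge_rules` with `iptables -w -nvL DOCKER-USER --line-numbers | filter_bridge_rules br-deerflow` to reproduce the status display; the constructed samples above only stand in for that command.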


@@ -119,8 +119,9 @@ cmd_down() {
cmd_status() {
require_chain
echo "DOCKER-USER chain (relevant rules):"
iptables -w -nL "$CHAIN" --line-numbers | grep -E "$BRIDGE|^Chain|^num" || true
echo "DOCKER-USER chain (rules matching $BRIDGE):"
# -nvL prints the input interface column so we can grep for our bridge.
iptables -w -nvL "$CHAIN" --line-numbers | awk -v b="$BRIDGE" 'NR<=2 || $0 ~ b'
if ip link show "$BRIDGE" >/dev/null 2>&1; then
echo
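Review bot: in the new cmd_status line, `$0 ~ b` treats `$BRIDGE` as an awk regular expression and matches it as a substring anywhere in the line, so a bridge name containing regex metacharacters would change what matches, and a name like `br-deerflow` would also pull in rules for `br-deerflow2` or rules whose `-m comment` text merely mentions it. If the intent is "rules bound to this interface", compare the `in`/`out` fields instead, or at least use `index($0, b) > 0` for a literal match. The comment above it still says "grep for our bridge" although the filter is now awk; reword it so it matches the code.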