adding net_iface variable

IPFR33LY · Mar 10, 2019 · bb27b9b · bb27b9b
1 parent f634664
commit bb27b9b
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 8 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -13,6 +13,8 @@ RUN apk --no-cache --no-progress upgrade && \
 HEALTHCHECK --interval=60s --timeout=15s --start-period=120s \
              CMD curl -L 'https://api.ipify.org'
 
+ENV NET_IFACE=eth0
+
 VOLUME ["/vpn"]
 ENTRYPOINT ["/sbin/tini", "--", "/usr/bin/nordVpn.sh"]
 COPY nordVpn.sh /usr/bin
diff --git a/README.md b/README.md
@@ -105,12 +105,14 @@ The container is as simple as it can be, in order to reconnect automatically whe
  * `NETWORK`  - CIDR networks (IE 192.168.1.0/24), add a route to allows replies once the VPN is up.
  * `NETWORK6` - CIDR IPv6 networks (IE fe00:d34d:b33f::/64), add a route to allows replies once the VPN is up.
  * `OPENVPN_OPTS` - Used to pass extra parameters to openvpn [full list](https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/).
- * `TZ` - Set a timezone (IE EST5EDT, America/Denver, [full list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones))
- * `GROUPID` - Set the GID for the vpn
+ * `TZ` - Set a timezone (IE EST5EDT, America/Denver, [full list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)).
+ * `GROUPID` - Set the GID for the vpn.
+ * `NET_IFACE` - Network Interface to bind the vpn (Useful when combined with `--network host` to protect the entire host).
 
 # Versions 
  * **2019.03.09**
     - Add WHITELIST variable.
+    - Add NET_IFACE variable. 
  * **2019.03.03**
     - Fix docker-compose documentation [#21](https://github.com/bubuntux/nordvpn/issues/21).
     - Use UTC timezone for tags.

diff --git a/nordVpn.sh b/nordVpn.sh
@@ -1,8 +1,8 @@
 #!/bin/bash
 
 firewall() { # Everything has to go through the vpn
-    local docker_network="$(  ip -o addr show dev eth0 | awk '$3 == "inet"  {print $4}'      )" \
-          docker6_network="$( ip -o addr show dev eth0 | awk '$3 == "inet6" {print $4; exit}')"
+    local docker_network=` ip -o addr show dev ${NET_IFACE} | awk '$3 == "inet"  {print $4}'      ` \
+          docker6_network=`ip -o addr show dev ${NET_IFACE} | awk '$3 == "inet6" {print $4; exit}'`
 
     echo "Staring firewall..." > /dev/stderr
     iptables  -F OUTPUT
@@ -38,22 +38,22 @@ firewall() { # Everything has to go through the vpn
 return_route() { # Add a route back to your network, so that return traffic works
     local network="$1" gw="$(ip route | awk '/default/ {print $3}')"
     echo "Adding network route ${network}..." > /dev/stderr
-    ip route add to ${network} via ${gw} dev eth0
+    ip route add to ${network} via ${gw} dev ${NET_IFACE}
     iptables -A OUTPUT --destination ${network} -j ACCEPT
 }
 
 return_route6() { # Add a route back to your network, so that return traffic works
     local network="$1" gw="$(ip -6 route | awk '/default/ {print $3}')"
     echo "Adding network route ${network}..." > /dev/stderr
-    ip -6 route add to ${network} via ${gw} dev eth0
+    ip -6 route add to ${network} via ${gw} dev ${NET_IFACE}
     ip6tables -A OUTPUT --destination ${network} -j ACCEPT 2> /dev/null
 }
 
 white_list() { # Allow unsecured traffic for an specific domain
     local domain=`echo $1 | sed 's/^.*:\/\///;s/\/.*$//'`
     echo "Whitelisting ${domain}..." > /dev/stderr
-    iptables  -A OUTPUT -o eth0 -d ${domain} -j ACCEPT
-    ip6tables -A OUTPUT -o eth0 -d ${domain} -j ACCEPT 2> /dev/null
+    iptables  -A OUTPUT -o ${NET_IFACE} -d ${domain} -j ACCEPT
+    ip6tables -A OUTPUT -o ${NET_IFACE} -d ${domain} -j ACCEPT 2> /dev/null
 }
 
 download_ovpn() { # Download ovpn files into the specified directory