Skip to content

v1.0.1 - Bugfixes, dependency updates
Compare
Choose a tag to compare
@pitkley pitkley released this 28 Sep 11:04
1.0.1
This tag was signed with the committer’s verified signature.
pitkley Pit
GPG key ID: 78CEE08B0377C481
Learn about vigilant mode.
ebfe872
This commit was signed with the committer’s verified signature.
pitkley Pit
GPG key ID: 78CEE08B0377C481
Learn about vigilant mode.

Summary

This is a small release, fixing the source-CIDR filtering for wider-world-to-container rules. v1.0.0 broke this functionality with introduction of IPv6 support, which unfortunately was incomplete. v1.0.1 fixes this by splitting the source_cidr field into source_cidr_v4 and source_cidr_v6 (this change is backwards-compatible), allowing you to specify your sources separately for IPv4 and IPv6:

[[wider_world_to_container.rules]]
network = "network"
dst_container = "dst_container"
expose_port = 22
external_network_interface = "eni"
source_cidr_v4 = ["192.0.2.1/32", "192.0.2.2/32"]
source_cidr_v6 = ["2001:db8::1/128", "2001:db8::2/128"]

Installation

While you can use Cargo to install dfw as a binary, using the Docker image is the preferred
way to go, especially if you don't want to install Rust and Cargo on your host:

$ docker pull pitkley/dfw:1.0.1
$ docker run -d \
      --name=dfw \
      --restart=unless-stopped \
      -v /var/run/docker.sock:/var/run/docker.sock:ro \
      -v /path/to/your/config:/config \
      --net host --cap-add=NET_ADMIN \
      pitkley/dfw:1.0.1 --config-path /config

This will download a lightweight image, coming in at under 7 MB, and subsequently run it using
your configuration.

Assets 2
Loading