Configure Patches
Before you run the downloaded patcher, there are several files you must open and edit. Do not run the patcher yet.
Docker
The Docker patch has a few settings that must be modified. To change these settings, open the file:
Find the following settings:
DOCKER_INT="docker0"
CSF_FILE_ALLOW="/etc/csf/csf.allow"
CSF_COMMENT="Docker container whitelist"
DEBUG_ENABLED="false"
# #
# list > network ips
#
# this is the list of IP addresses you will use with docker that must be
# whitelisted.
# #
IP_CONTAINERS=(
'172.17.0.0/16'
)
The settings are outlined below:
Setting | Description |
---|---|
DOCKER_INT | Main Docker network interface |
CSF_FILE_ALLOW | Path to your csf.allow file |
CSF_COMMENT | Comment added to each new whitelisted Docker IP |
DEBUG_ENABLED | Debugging / better logs |
IP_CONTAINERS | List of IP address blocks you will be using for your Docker setup. These blocks will be whitelisted through ConfigServer Firewall |
Settings
Each individual setting with a detailed description
DOCKER_INT
2.0.0 docker0
The name of the main Docker virtual bridge network; this is usually docker0, however, it can be changed. You can find a list of these by running the command
CSF_FILE_ALLOW
2.0.0 /etc/csf/csf.allow
The full path to your ConfigServer's csf.allow file. Each time an IP from one of your Docker containers is detected, the IP will be whitelisted in ConfigServer Firewall.
CSF_COMMENT
2.0.0 Docker container whitelist
This is the comment that will be appended to each IP that is added to your ConfigServer's csf.allow whitelist file.
DEBUG_ENABLED
2.0.0 false
If set to true, additional information will be printed to the terminal when the user executes sudo csf -ra
IP_CONTAINERS
2.0.0 172.17.0.0/16
A list of IP blocks that you use within Docker for container assignment.
OpenVPN
The OpenVPN patch has a few settings that must be modified. To change these settings, open the file:
Find the following settings:
ETH_ADAPTER=$(ip route | grep default | sed -e "s/^.*dev.//" -e "s/.proto.*//")
TUN_ADAPTER=$(ip -br l | awk '$1 ~ "^tun[0-9]" { print $1}')
IP_PUBLIC=$(curl -s ipinfo.io/ip)
DEBUG_ENABLED="false"
# #
# list > vpn ips
#
# this is the IP pool assigned to a user who connects to your vpn server
# #
IP_POOL=(
'10.8.0.0/24'
)
The settings are outlined below:
Setting | Description |
---|---|
ETH_ADAPTER | Name of primary network adapter |
TUN_ADAPTER | Name of OpenVPN tunnel adapter |
IP_PUBLIC | Public IP of your server |
DEBUG_ENABLED | Debugging / better logs |
IP_POOL | List of subnets assigned to your OpenVPN server |
Settings
Each individual setting with a detailed description
ETH_ADAPTER
2.0.0 $(ip route | grep default | sed -e "s/^.*dev.//" -e "s/.proto.*//")
The name of your primary server network adapter. This is usually eth*, enp*, etc.
The default value attempts to auto-detect your network adapter name, however, you can specify the name manually:
You can usually find your main network adapter with the command:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet XX.XX.XX.XX netmask 255.255.248.0 broadcast XX.XX.XX.XX
inet6 ea24::a1bd:ef15:15a5:aae prefixlen 64 scopeid 0x20<link>
ether 01:15:72:15:2a:ab txqueuelen 1000 (Ethernet)
RX packets 101924006 bytes 383095603887 (383.0 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 100519601 bytes 134852355384 (134.8 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 7741770 bytes 2099091655 (2.0 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7741770 bytes 2099091655 (2.0 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
TUN_ADAPTER
2.0.0 $(ip -br l | awk '$1 ~ "^tun[0-9]" { print $1}')
The name of the primary OpenVPN tunnel adapter. This is usually tun*.
The default value attempts to auto-detect your tunnel adapter name, however, you can specify the tunnel name manually:
You can usually find your tunnel adapter with the command:
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.1 netmask 255.255.255.0 destination 10.8.0.1
inet6 fe80::d70f:d8a8:32ab:1292 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 620722 bytes 134501334 (134.5 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1449168 bytes 1756905789 (1.7 GB)
TX errors 0 dropped 37128 overruns 0 carrier 0 collisions 0
IP_PUBLIC
2.0.0 $(curl -s ipinfo.io/ip)
The public IP address of your server.
The default value attempts to auto-detect your public IP address by querying ipinfo.io with curl, however, you can specify the IP manually:
There are a few ways that you can obtain your server's public IP address:
DEBUG_ENABLED
2.0.0 false
If set to true, additional information will be printed to the terminal when the patch is run.
IP_POOL
2.0.0 10.8.0.0/24
A list of subnets assigned to your OpenVPN server.
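IP_CONTAINERS (Docker) and IP_POOL (OpenVPN) are both lists of CIDR blocks that the patches act on, and the Docker blocks are whitelisted through ConfigServer Firewall, so a mistyped or overly broad entry matters. The pre-flight check below is an added example, not part of the patcher; the function names and the policy of accepting only aligned RFC 1918 private blocks are assumptions of this example.

```bash
#!/bin/sh
# Added example: pre-flight check for IP_CONTAINERS / IP_POOL entries.
# Assumption (not a patcher rule): only aligned RFC 1918 blocks are accepted.

# Print a dotted-quad IPv4 address as an integer; fail on malformed input.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|0?*|????*) return 1 ;; esac  # empty, leading zero, too long
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed only for a well-formed CIDR with zero host bits inside
# 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16.
cidr_is_private() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    n=$(ip_to_int "$addr") || return 1
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    [ $(( $n & $mask )) -eq "$n" ] || return 1   # host bits must be zero
    for net in "167772160 8" "2886729728 12" "3232235520 16"; do
        set -- $net                              # $1 = network, $2 = prefix
        [ "$len" -ge "$2" ] || continue
        m=$(( (4294967295 << (32 - $2)) & 4294967295 ))
        [ $(( $n & $m )) -eq "$1" ] && return 0
    done
    return 1
}

# Check every argument; name rejected entries on stderr, return 1 if any.
check_blocks() {
    bad=0
    for block in "$@"; do
        cidr_is_private "$block" || { echo "reject: $block" >&2; bad=1; }
    done
    return "$bad"
}

# Constructed sample input: the two defaults from this page, then bad entries.
check_blocks '172.17.0.0/16' '10.8.0.0/24' && echo "defaults: ok"
check_blocks '0.0.0.0/0' '172.17.0.1/16' '8.8.8.0/24' || echo "fix rejected entries"
```

In bash, after sourcing the edited settings, the arrays can be passed directly, for example `check_blocks "${IP_CONTAINERS[@]}"`.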