From 76aef119bd712a3602f83da404b37666d8a848ce Mon Sep 17 00:00:00 2001
From: Nick
Date: Wed, 23 Oct 2024 03:18:58 +0300
Subject: [PATCH] 3 stage is work
---
 Dockerfile | 6 +++++-
 docker-compose.yml | 31 +++++++++++++++++++++++++++----
 scripts/knocking_setup.sh | 21 +++++++++++++++++++++
 3 files changed, 53 insertions(+), 5 deletions(-)
 create mode 100755 scripts/knocking_setup.sh
diff --git a/Dockerfile b/Dockerfile
index 0601f74..9de9cc5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,11 @@ ARG NET_NAME=kek ARG CONTAINER_NAME=lol ARG STATIC_FILE=/usr/share/nginx/html/index.html +COPY ./scripts/knocking_setup.sh /root/scripts/knocking_setup.sh RUN sed -i '13,21d' $STATIC_FILE && \ - sed -i "13i

$NET_NAME
$CONTAINER_NAME

" $STATIC_FILE + sed -i "13i \ + \ + \ +
NETWORKCONTAINER
$NET_NAME$CONTAINER_NAME
" $STATIC_FILE
diff --git a/docker-compose.yml b/docker-compose.yml
index 8c50630..b2379ac 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,17 +3,25 @@ version: "3"
 services:
 # ----------------------------------------------
 ngx1-net1:
+ container_name: ngx1_net1
 build:
 context: .
 args:
 NET_NAME: net_1
 CONTAINER_NAME: container_1
 ports:
- - "8080:80"
+ - "8081:80"
+ command: >
+ bash -c "apt update
+ && apt install knockd iptables iproute2 vim curl -y
+ && /root/scripts/knocking_setup.sh && nginx && knockd -d && sleep infinity"
 networks:
 - net_1
 - net_3
+ cap_add:
+ - NET_ADMIN
 ngx2-net1:
+ container_name: ngx2_net1
 build:
 context: .
 args:
@@ -23,31 +31,40 @@ services:
 - net_1
 # ----------------------------------------------
 ngx1-net2:
+ container_name: ngx1_net2
 build:
 context: .
 args:
 NET_NAME: net_2
 CONTAINER_NAME: container_1
 ports:
- - "8081:80"
+ - "8082:80"
+ command: >
+ bash -c "apt update
+ && apt install knockd iptables iproute2 vim curl -y
+ && /root/scripts/knocking_setup.sh && nginx && knockd -d && sleep infinity"
 networks:
 - net_2
 - net_3
+ cap_add:
+ - NET_ADMIN
 ngx2-net2:
+ container_name: ngx2_net2
 build:
 context: .
 args:
 NET_NAME: net_2
 CONTAINER_NAME: container_2
+ restart: on-failure
 networks:
 - net_2
 # ----------------------------------------------
 visor:
+ container_name: visor
 image: ubuntu:latest
- restart: on-failure
 command: >
 bash -c "apt update
- && apt install iproute2 vim curl nmap -y
+ && apt install iproute2 vim curl nmap knockd -y
 && sleep infinity"
 networks:
 - net_3
@@ -56,3 +73,9 @@ networks:
 net_1:
 net_2:
 net_3:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: "172.28.0.0/16"
+ gateway: "172.28.0.1"
diff --git a/scripts/knocking_setup.sh b/scripts/knocking_setup.sh
new file mode 100755
index 0000000..ef37499
--- /dev/null
+++ b/scripts/knocking_setup.sh
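Review bot: The `command:` added to ngx1-net1 runs `apt update && apt install knockd iptables iproute2 vim curl -y` on every container start, so the packages that enforce the port-80 filter are fetched unpinned at run time and the service cannot come up without outbound network access; the same block is repeated for ngx1-net2 in the next hunk. Installing them at build time in the Dockerfile, for example `RUN apt-get update && apt-get install -y --no-install-recommends knockd iptables iproute2`, and leaving `vim` and `curl` out would keep the running image fixed and smaller. `cap_add: NET_ADMIN` is held by every process in the container, nginx included, so it deserves a comment next to it such as `# NET_ADMIN: required by knocking_setup.sh and knockd to edit iptables`. The ngx2-net1 mapping continues outside the hunk.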
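Review bot: `restart: on-failure` is removed from visor and added to ngx2-net2 in this hunk, which looks like it may have landed on the wrong service. visor still runs `apt update && apt install ...` at start and can exit on a transient network error, and ngx1-net1 and ngx1-net2 now do the same without any restart policy. If the move is intended, a one-line comment on ngx2-net2 saying why would help; otherwise `restart: on-failure` belongs on the three services whose `command:` installs packages.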
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+
+echo -E "
+[options]
+Interface = eth1
+
+[openNGINX]
+sequence = 8100, 7200, 13000
+seq_timeout = 5
+command = /sbin/iptables -D INPUT -p tcp --dport 80 -j REJECT
+tcpflags = syn
+
+[closeNGINX]
+sequence = 6300, 5200, 12001
+seq_timeout = 5
+command = /sbin/iptables -A INPUT -p tcp --dport 80 -j REJECT
+tcpflags = syn
+" > /etc/knockd.conf
+
+/sbin/iptables -A INPUT -p tcp --dport 80 -j REJECT
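Review bot: The `openNGINX` command deletes the blanket REJECT rule, so one valid knock opens port 80 to every client on every interface rather than only to the host that knocked. knockd replaces `%IP%` in a command with the knocking address, so a per-source rule keeps the default closed: `command = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 80 -j ACCEPT` for open and the matching `-D INPUT -s %IP% -p tcp --dport 80 -j ACCEPT` for close, with the final REJECT left in place. As written, repeated close sequences also append duplicate REJECT rules that a single open does not clear. `Interface = eth1` assumes net_3 is always attached as eth1, which does not appear to be guaranteed for a container on two networks; a comment stating that assumption above the `[options]` block would make a silent mismatch easier to diagnose.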