Made to Order Software Corporation Logo

rules

Docker, an advanced chroot utility

Chasm—just like a Docker creates a chasm between two sets of software

SECURITY WARNING

Before installing Docker and containers with services on your Linux system, make sure to read and understand the risks as mentioned on this Docker and iptables page. Especially, Docker will make all your containers visible to the entire world through your Internet connection. This is great if you want to indeed share that service with the rest of the world, it's very dangerous if you are working on that container service since it could have security issues that need patching and such. Docker documents a way to prevent that behavior by adding the following rule to your firewall:

iptables -I DOCKER-USER -i eth0 ! -s 192.168.1.0/24 -j DROP

This means that unless the IP address matches 192.168.1.0/24, the access is refused. The `eth0` interface name should be replaced with the interface name you use as the external ethernet connection. During development, you should always have such a rule.

That has not worked at all for me because my local network includes many other computers on my LAN and this rule blocks them all. So really not a useful idea.

Instead, I created my own entries based on some other characteristics. That includes the following lines in my firewall file:

*filter
:DOCKER-USER - [0:0]

-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP

My early_forward allows my LAN to continue to work. These are my firewall rules that allow my LAN computers to have their traffic forwarded as expected.

Then I have three rules that block port 80, 8080, and 8081 from Docker.

Docker will add new rules that will appear after (albeit not within the DOCKER-USER list) and will open ports for whatever necessary service you install in your Dockers.

Note that the only ports you have to block are ports that Docker will share and that you have otherwise open on your main server. If Docker opens port 5000 and your firewall does not allow connections to port 5000 from the outside, then you're already safe. On my end I have Apache running so as a result I block quite usual HTTP ports from Docker.

Docker

As we are helping various customers, we encounter new technologies.

In the old days, we used chroot to create a separate environment where you could have your own installation and prevent the software from within that environment access to everything on your computer. This is particularly useful for publicly facing services liek Apache, Bind, etc.

Protected Node Rules Support

The following features are available only when installing the Rules extension of protected nodes. This extension requires the thrid party Rules extension for Drupal.

Protected Node Rules Conditions

When handling a Node, it is possible to check whether the node is currently protected or locked.

Protected Nodes

A node is said protected when the node was protected by a password using the Protected node module.

Whether the user can view that node is irrevelant in this case. Only the fact that the node requires a password to be viewed is what this condition checks.

Locked Nodes

A ...

Protected Node Password Fork Feature

Password Fork

The new module allows for a password fork.

This means you can send your users to one specific page, and tell them about a password to use on that one page. Depending on the password, they will be sent to one of several nodes.

This works in a very similar way as the other password form, except that there is no specific destination, and the users need to know any one of the passwords.

The feature uses a specific URL defined as follow:

/protected-nodes?protected_pages=<nid1>,<nid2>,...&back=<url>

  • protected_pages=<nid1>,<nid2>,...

This

To Do Rules

The To Do module includes a sub-module called To Do Rules extension.

Events

The Rules extension includes the events as follow.

Each event is sent once per user assigned to a To Do item, including self-assigned users. It includes 4 parameters: the To Do item (a node); the To Do item author; the currently logged in user; and the assigned user. The node supports additional tokens that can be used as conditions (see below).

  • To Do Event Started

This event occurs when the Start button is clicked on a To Do item. This event is sent once.

  • To Do Event Reminder

This event

To Do List API

To Do List offered Hooks

Since version 1.1, the To Do List module includes a few module_invoke() calls that other modules can catch via one of the following hooks.

To Do List Global Settings

Global Settings

Global settings are found under Administer » Site configuration » To do list (admin/settings/to_do).

Only To Do List administrators can edit the Global Settings.

To Do List Installation

Basic To Do List Installation

Install the module as usual, generally under your sites/all/modules folder. On a Unix command line, you can use the tar tool like this:

  cd sites/all/modules
  tar -xf to_do.tar.gz

Then go to Administer » Site building » Modules and enable the To do list module.

To Do List Requirements

Requirements

The following are the requirements for the To Do List module.

To Do Items

The basic To Do List module offers you a new Node type and several User lists. There are no specific requirements for the main module to work other than Drupal Core.

Block

The Block module is mandatory, so in itself it is not a requirement.

In order to use the To Do List Block sub-module, you need the Core Block module.

Terms & Conditions

Made to Order Software Corporation
Terms and Conditions for the Online Services
offered by Made to Order Software Corporation

This Agreement ("Agreement") is by and between Made to Order Software Corporation ("m2osw") a Californian Corporation and You, your heirs, your agents, successors and assigns ("You" and "Your"), and is made effective as of the date of electronic execution, which is when you register for an electronic account to use the Web site of m2osw. This Agreement sets forth the terms and conditions of Your use of the Online Services ...

Turn Watcher 1.2 is out!

Made to Order Software Corporation is proud to announce the 1.2 release of Turn Watcher, an Initiative and Effects Tracker...and more!

Version 1.2 now supports spell and other effect tracking. A optional new window appears at the bottom of the main window that allows you to add, edit and remove effects for the currently highlighted combatant. When an effect expires on the current combatant's turn, you are alerted and asked if you wish to delete the expired effect.

You may also add effects to multiple characters at once by highlighting them, then clicking the "A" button. ...