qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License

Feature request: Read FIREWALL_VPN_INPUT_PORTS from file/api #1297

Open EnumC opened 1 year ago

EnumC commented 1 year ago

What's the feature 🧐

For providers that only provide ephemeral port forwarding, such as Windscribe, it would be beneficial to be able to dynamically modify the firewall port via modifying a mapped file or through a REST API rather than having to modify the environmental variable and restart the entire stack.

Hypothetical example for port forwarding port 20454:

Using API:

Using file:

docker-compose.yml:

services:
  gluetun:
    environment:
      - FIREWALL_VPN_INPUT_PORTS_FILE=/vpn_port.txt
    volumes:
      - /root/docker/gluetun/vpn_port.txt:/vpn_port.txt

vpn_port.txt:

20454

The container should watch the file for changes. When it does, it deletes the previous port from the iptables rules and allows the new port.

Current Workaround

Modify the iptables post-rules from another docker container, map the same file to gluetun, and restart gluetun container manually after each change.

post-rules.txt:

iptables -A INPUT -i tun0 -p udp --dport TARGET_PORT -j ACCEPT
iptables -A INPUT -i tun0 -p tcp --dport TARGET_PORT -j ACCEPT

Extra information and references

This will enable users who rely on ephemeral port forwarding services to programmatically modify their port forwarding. External containers such as qbittorrent-windscribe-ephemeral-port & deluge-windscribe-ephemeral-port can automatically request a port from Windscribe and modify the qbittorrent/deluge port setting. All that's left is to find a programmatic way to do the same for gluetun. I think one of the more straightforward ways is to just map a simple file that contains the port number.
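To sketch the watch-and-swap step the request above describes, here is an added Go example (not gluetun's own code): it parses the mapped vpn_port.txt content, rejects anything that is not a valid port, and computes the delete/add iptables commands from the post-rules.txt template shown above. The PortWatcher type, the function names and the tun0 interface are assumptions; actually running the commands and receiving file-change notifications is left to the caller.

```go
package main

import (
	"bytes"
	"fmt"
	"strconv"
)

const ruleFmt = "iptables %s INPUT -i %s -p %s --dport %d -j ACCEPT"

// PortWatcher remembers the port currently allowed on Iface (0 until one is seen).
type PortWatcher struct {
	Iface   string
	Current uint16
}

// ParsePortFile reads the single port a vpn_port.txt-style file holds; an empty,
// half-written or out-of-range value is rejected rather than becoming a rule.
func ParsePortFile(data []byte) (uint16, error) {
	n, err := strconv.ParseUint(string(bytes.TrimSpace(data)), 10, 16)
	if err != nil || n == 0 {
		return 0, fmt.Errorf("invalid port file content %q", bytes.TrimSpace(data))
	}
	return uint16(n), nil
}

// RuleTransition lists the iptables commands moving the allowance on iface from oldPort
// to newPort: per protocol, delete the old rule (skipped when oldPort is 0), then add new.
func RuleTransition(iface string, oldPort, newPort uint16) []string {
	var cmds []string
	for _, proto := range []string{"udp", "tcp"} {
		if oldPort != 0 {
			cmds = append(cmds, fmt.Sprintf(ruleFmt, "-D", iface, proto, oldPort))
		}
		cmds = append(cmds, fmt.Sprintf(ruleFmt, "-A", iface, proto, newPort))
	}
	return cmds
}

// Update takes the file's new content on each change notification. A malformed file
// leaves the existing rules untouched and is reported; an unchanged port yields nothing.
func (w *PortWatcher) Update(data []byte) ([]string, error) {
	port, err := ParsePortFile(data)
	if err != nil || port == w.Current {
		return nil, err
	}
	cmds := RuleTransition(w.Iface, w.Current, port)
	w.Current = port
	return cmds, nil
}
```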

ngdio commented 11 months ago

I would support this. Alternatively having gluetun automatically reload the iptables post-rules when modified might do the trick also.

cchhat01 commented 8 months ago

This is interesting. I've been restarting my entire stack of gluetun + *arr + transmission containers because of this every time I need to update just the port (as an env variable changes). As per above, there are ways to do this for qbittorrent and deluge, but is there anything similar out there for transmission (which is my go-to torrent client), running containerized on a Synology DiskStation?