Commit

Added PORT_SCRIPT env var.
When set, a custom script can be run once a port is successfully forwarded.

See issue #26
thrnz committed Jun 25, 2021
1 parent a6a225f commit 86390ac
Showing 2 changed files with 7 additions and 0 deletions.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -26,6 +26,7 @@ The rest are optional:
|```PORT_FILE=/pia-shared/port.dat```|The forwarded port number is dumped here for possible access by scripts in other containers. By default this is ```/pia-shared/port.dat```.
|```PORT_FILE_CLEANUP=0/1```|Remove the file containing the forwarded port number on exit. Defaults to 0 if not specified.
|```PORT_PERSIST=0/1```|Set to 1 to attempt to keep the same port forwarded when the container is restarted. The port number may persist for up to two months. Defaults to 0 (always acquire a new port number) if not specified.
|```PORT_SCRIPT=/path/to/script.sh```|Run a custom script once a port is successfully forwarded. The forwarded port number is passed as the first command line argument.
|```FIREWALL=0/1```|Whether to block non-WireGuard traffic. Defaults to 1 if not specified.
|```EXIT_ON_FATAL=0/1```|There is no error recovery logic at this stage. If something goes wrong we simply go to sleep. By default the container will continue running until manually stopped. Set this to 1 to force the container to exit when an error occurs. Exiting on an error may not be desirable behaviour if other containers are sharing the connection.
|```WG_USERSPACE=0/1```|If the host OS or host Linux kernel does not support WireGuard (certain NAS systems), a userspace implementation ([wireguard-go](https://git.zx2c4.com/wireguard-go/about/)) can be enabled. Defaults to 0 if not specified.
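
Review bot: The `PORT_SCRIPT` row should state the preconditions that `pf_success.sh` enforces: the value has to be a path that exists inside the container and has the execute bit set, because the script is skipped without any log message when `[ -x "$PORT_SCRIPT" ]` fails. It is also worth documenting that the script is started in the background (the trailing `&`), so the container neither waits for it nor reports its exit status.
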
6 changes: 6 additions & 0 deletions pf_success.sh
@@ -1,5 +1,8 @@
#!/bin/bash

# This script is run once a port has been successfully forwarded
# The port number is passed as the first argument

[[ "$FIREWALL" =~ ^[0-1]$ ]] || FIREWALL=1

if [ $FIREWALL -eq 1 ]; then
Expand All @@ -17,3 +20,6 @@ if [ -n "$PF_DEST_IP" ] && [ -n "$FWD_IFACE" ]; then
iptables -A FORWARD -i wg0 -o "$FWD_IFACE" -p udp -d "$PF_DEST_IP" --dport "$1" -j ACCEPT
echo "$(date): Forwarding incoming VPN traffic on port $1 to $PF_DEST_IP:$1"
fi

# Run another user-defined script if defined and present
[ -n "$PORT_SCRIPT" ] && [ -x "$PORT_SCRIPT" ] && echo "$(date): Running user-defined script: $PORT_SCRIPT" && eval "$PORT_SCRIPT $1" &
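
Review bot: `eval "$PORT_SCRIPT $1"` on the last added line re-parses the variable as shell source, so a path containing spaces passes the quoted `[ -x "$PORT_SCRIPT" ]` test and is then word-split, and any shell metacharacters in `PORT_SCRIPT` or `$1` are interpreted by a script that also manages the iptables rules. Invoking it directly as `"$PORT_SCRIPT" "$1"` avoids the second parse and passes the port as a single argument; since the README documents the value as a path to a script, `eval` is not needed. Consider also logging when `PORT_SCRIPT` is set but not executable, because the current `&&` chain skips it silently.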
