vh/NetAlertX
1
0
Fork 0
mirror of https://github.com/jokob-sk/NetAlertX.git synced 2025-12-07 09:36:05 -08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
Files
ef2e7886c45daf25b0965eace0d580082061a00e
NetAlertX/install/production-filesystem/entrypoint.d/80-host-mode-network.sh
Adam Outler 70373b1fbd Address coderabbit-discoverd issues
2025-11-01 18:18:32 +00:00

67 lines
2.3 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
# detect when the container is not using host networking.
# Exit if NETALERTX_DEBUG=1
if [ "${NETALERTX_DEBUG}" = "1" ]; then
exit 0
fi
# Get the default network interface
DEFAULT_IF="$(ip route show default 0.0.0.0/0 2>/dev/null | awk 'NR==1 {print $5}')"
if [ -z "${DEFAULT_IF}" ]; then
# No default route; nothing to validate.
exit 0
fi
IF_LINK_INFO="$(ip link show "${DEFAULT_IF}" 2>/dev/null)"
IF_IP="$(ip -4 addr show "${DEFAULT_IF}" 2>/dev/null | awk '/inet / {print $2}' | head -n1)"
IF_MAC=""
if [ -r "/sys/class/net/${DEFAULT_IF}/address" ]; then
IF_MAC="$(cat "/sys/class/net/${DEFAULT_IF}/address")"
fi
looks_like_bridge="0"
# Check for common bridge MAC and IP patterns
case "${IF_MAC}" in
02:42:*) looks_like_bridge="1" ;;
00:00:00:00:00:00) looks_like_bridge="1" ;;
"") ;; # leave as is
esac
# Check for common bridge IP ranges
case "${IF_IP}" in
172.1[6-9].*|172.2[0-9].*|172.3[0-1].*) looks_like_bridge="1" ;;
192.168.65.*) looks_like_bridge="1" ;;
esac
if echo "${IF_LINK_INFO}" | grep -q "@if"; then
looks_like_bridge="1"
fi
if [ "${looks_like_bridge}" -ne 1 ]; then
exit 0
fi
YELLOW=$(printf '\033[1;33m')
RESET=$(printf '\033[0m')
>&2 printf "%s" "${YELLOW}"
>&2 cat <<EOF
══════════════════════════════════════════════════════════════════════════════
⚠️ ATTENTION: NetAlertX is not running with --network=host.
Bridge networking blocks passive discovery (ARP, NBNS, mDNS) and active
scanning accuracy. Most plugins expect raw access to the LAN through host
networking and CAP_NET_RAW capabilities.
Restart the container with:
docker run --network=host --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=NET_BIND_SERVICE
or set "network_mode: host" in docker-compose.yml.
https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/network-mode.md
══════════════════════════════════════════════════════════════════════════════
EOF
>&2 printf "%s" "${RESET}"
exit 0
Reference in New Issue View Git Blame Copy Permalink