From 4281936ff435fd0e63725b88ac5486c0c1cd4378 Mon Sep 17 00:00:00 2001
From: Tyler Goodlet <jgbt@protonmail.com>
Date: Sat, 4 Jun 2022 20:13:53 -0400
Subject: [PATCH] Add readme for `ib-gw` container usage

---
 dockering/ib/README.rst     | 30 ++++++++++++++++++++++++++++++
 dockering/ib/run_x11_vnc.sh |  1 +
 2 files changed, 31 insertions(+)
 create mode 100644 dockering/ib/README.rst

diff --git a/dockering/ib/README.rst b/dockering/ib/README.rst
new file mode 100644
index 00000000..3f9e01b9
--- /dev/null
+++ b/dockering/ib/README.rst
@@ -0,0 +1,30 @@
+running ``ib`` gateway in ``docker``
+------------------------------------
+We have a config based on the (now defunct)
+image from "waytrade":
+
+https://github.com/waytrade/ib-gateway-docker
+
+To startup this image with our custom settings
+simply run the command::
+
+    docker compose up
+
+And you should have the following socket-available services:
+
+- ``x11vnc1@127.0.0.1:3003``
+- ``ib-gw@127.0.0.1:4002``
+
+You can attach to the container via a VNC client
+without password auth.
+
+SECURITY STUFF!?!?!
+-------------------
+Though "``ib``" claims they host filter connections outside
+localhost (aka ``127.0.0.1``) it's probably better if you filter
+the socket at the OS level using a stateless firewall rule::
+
+    ip rule add not unicast iif lo to 0.0.0.0/0 dport 4002
+
+We will soon have this baked into our own custom image but for
+now you'll have to do it urself dawgy.
diff --git a/dockering/ib/run_x11_vnc.sh b/dockering/ib/run_x11_vnc.sh
index dcbe0f54..c87dc2bb 100755
--- a/dockering/ib/run_x11_vnc.sh
+++ b/dockering/ib/run_x11_vnc.sh
@@ -1,5 +1,6 @@
 #!/bin/sh
 
+# start VNC server
 x11vnc \
     -ncache_cr \
     -listen localhost \