From 89aae2a6dd5fadcd443c8cd07368c42981253cf1 Mon Sep 17 00:00:00 2001 From: Bengt Brodersen Date: Mon, 29 Jul 2024 10:46:35 +0200 Subject: [PATCH 1/5] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 4f21e09..fa7f3aa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:1 -FROM alpine:3.20.1 +FROM alpine:3.20.2 RUN apk --no-cache upgrade \ && apk --no-cache add \ From 3398ca4e115f630fa43fba01b11b201760465936 Mon Sep 17 00:00:00 2001 From: Bengt Brodersen Date: Mon, 29 Jul 2024 10:53:51 +0200 Subject: [PATCH 2/5] Update entrypoint.sh --- entrypoint.sh | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index eb6be3d..e7ec61a 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -3,6 +3,11 @@ set -euo pipefail c=$'\n\t' +# since alpine version 3.19.0 iptables-nft is used by default (https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.19.0), +# however this causes compatibility issues for hosts with older kernels (e.g. Windows > https://github.com/microsoft/WSL/issues/6044), +# therefore we still use iptables-legacy +alias iptables=iptables-legacy + # --- Ensure container network capabilities ---------------------------------- if ! capsh --has-p='cap_net_admin' --has-p='cap_net_raw' &>/dev/null 
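Review bot: The `alias iptables=iptables-legacy` added in the first entrypoint.sh hunk only works if the interpreter expands aliases in scripts; bash does not do so in a non-interactive shell unless `shopt -s expand_aliases` is set or it runs in POSIX mode. The shebang is outside the hunk, so which shell runs this needs confirming. If it is bash, the three `iptables` calls in the second hunk (`@@ -82,20 +87,20 @@`: the two PREROUTING DNAT rules and the POSTROUTING MASQUERADE rule) would resolve to the image's default `iptables`, which the new comment says is iptables-nft, the backend it wants to avoid. A function is honoured regardless of shell and mode: `iptables() { iptables-legacy "$@"; }`.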
@@ -82,20 +87,20 @@ do # nft add rule nat prerouting tcp \ # dport "${docker_container_port}" \ # dnat to "$docker_host_ip:$docker_host_port" - iptables-legacy --table nat --insert PREROUTING \ + iptables --table nat --insert PREROUTING \ --protocol tcp --destination-port "${docker_container_port/-/:}" \ --jump DNAT --to-destination "$docker_host_ip:$docker_host_port" # nft add rule nat prerouting udp \ # dport "${docker_container_port}" \ # dnat to "$docker_host_ip:$docker_host_port" - iptables-legacy --table nat --insert PREROUTING \ + iptables --table nat --insert PREROUTING \ --protocol udp --destination-port "${docker_container_port/-/:}" \ --jump DNAT --to-destination "$docker_host_ip:$docker_host_port" done # nft add rule nat postrouting masquerade -iptables-legacy --table nat --insert POSTROUTING --jump MASQUERADE +iptables --table nat --insert POSTROUTING --jump MASQUERADE # --- Drop root access and "Ah, ha, ha, ha, stayin' alive" --------------------- From a6dcde448dd66fe76a882b7d7ede0b1d1415aa24 Mon Sep 17 00:00:00 2001 From: Bengt Brodersen Date: Mon, 29 Jul 2024 11:01:00 +0200 Subject: [PATCH 3/5] Update README.md --- README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index 15b58fd..379258d 100644 --- a/README.md +++ b/README.md @@ -17,13 +17,11 @@ can read that as both `docker` and `podman` (it works for both), unless otherwise specified. This container will determine docker host address in the following order -* Use ip from environment variable `DOCKER_HOST` if set +* If set use ip from environment variable `DOCKER_HOST` * This allows you to use this image to forward traffic to arbitrary destinations, not only the docker host. * Try to resolve host using DNS names e.g. `getent ahostsv4 host.docker.internal` * docker hostname `host.docker.internal` * podman hostname `host.containers.internal` - - * Defaults to default gateway (`ip -4 route show default`) #### Ports 
From c4ea6155bd991ef5cfd52ef11351a6bb4984204f Mon Sep 17 00:00:00 2001 From: Bengt Brodersen Date: Mon, 29 Jul 2024 11:05:23 +0200 Subject: [PATCH 4/5] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 379258d..f6b31ce 100644 --- a/README.md +++ b/README.md @@ -16,10 +16,10 @@ also works for (rootless) podman. This README.md uses the term docker, but you can read that as both `docker` and `podman` (it works for both), unless otherwise specified. -This container will determine docker host address in the following order -* If set use ip from environment variable `DOCKER_HOST` +This container will determine the docker host address in the following order +* If set use environment variable `DOCKER_HOST`. Can be an IP address or a DNS name. * This allows you to use this image to forward traffic to arbitrary destinations, not only the docker host. -* Try to resolve host using DNS names e.g. `getent ahostsv4 host.docker.internal` +* Try to resolve host address from DNS names. * docker hostname `host.docker.internal` * podman hostname `host.containers.internal` * Defaults to default gateway (`ip -4 route show default`) From 236ff50e8fb48613f63f458aa66be4e4aed7dcda Mon Sep 17 00:00:00 2001 From: Bengt Brodersen Date: Mon, 29 Jul 2024 11:06:57 +0200 Subject: [PATCH 5/5] Update dockerimage.yml --- .github/workflows/dockerimage.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index 8b306bb..fdc3585 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -4,6 +4,9 @@ on: push: branches: - "*" + paths: + - Dockerfile + - entrypoint.sh tags: - "v*"
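Review bot: The new `paths:` filter on the push trigger lists only `Dockerfile` and `entrypoint.sh`, so a branch push that changes only `.github/workflows/dockerimage.yml` no longer runs the build, and an edit to the pipeline itself goes unexercised until one of those two files changes. Consider adding `- .github/workflows/dockerimage.yml` to the list. The filter also means branch builds run only on file changes, while the Dockerfile relies on `apk --no-cache upgrade` to pull in Alpine package fixes at build time, so a `schedule:` trigger may be worth having if the part of the `on:` block outside this hunk does not already define one. GitHub does not evaluate path filters for tag pushes, so the `v*` tag builds are unaffected.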