safebox/firewall_containers
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix(network-go): handle reconnection gracefully and fix DNAT rule issues
continuous-integration/drone/push Build is passing
Details

Browse Source 
- Ignore "endpoint already exists" error in ConnectContainer on re-reconciliation
- Improve iptables comment generation to avoid trailing dashes
- Enhance DNAT rule logic: try multiple selectors and fall back to host rules
- Add missing "-t nat" flag in InsertPreroutingRuleOnInterface
This commit is contained in:
gyurix
2026-06-15 16:12:08 +02:00
parent 6c19e22deb
commit 2d6e22b9e6
4 changed files with 655 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files
network-go/iptables/iptables.go
+1 -1
View File
@@ -236,7 +236,7 @@ func (m *Manager) InsertPreroutingRule(sourceIP, proto, sourcePort, targetIP, ta
// InsertPreroutingRuleOnInterface inserts a DNAT PREROUTING rule on a specific interface
func (m *Manager) InsertPreroutingRuleOnInterface(iface, proto, sourcePort, targetIP, targetPort, comment string) error {
args := []string{
"-w", "-I", "PREROUTING",
"-w", "-t", "nat", "-I", "PREROUTING",
"-i", iface,
"-p", proto,
"--dport", sourcePort,