fix: add iptables package and simplify iptables rules

- Add iptables package in Dockerfile alongside iptables-legacy for compatibility. - Remove redundant `-m tcp` from iptables commands in set_gateway.sh since `-p tcp` already implies the TCP module when using `--dport`.
2026-06-15 08:13:59 +02:00
parent eeef07d964
commit f45ae6e544
2 changed files with 5 additions and 5 deletions
@@ -12,7 +12,7 @@ COPY --from=0 /root/.cargo/bin/boringtun-cli /usr/bin/boringtun
 # replace the commented line with the following after service-exec go update
 #RUN apk add --no-cache tini wireguard-tools \
-RUN apk add --no-cache tini wireguard-tools iptables-legacy \
+RUN apk add --no-cache tini wireguard-tools iptables-legacy iptables \
 && apk add --no-cache --virtual .build-deps libcap \
 && setcap cap_net_admin+ep /usr/bin/boringtun \
 && apk del --purge .build-deps \
@@ -5,10 +5,10 @@ IP_GATEWAY=$(route -n | grep 'UG[ \t]' | awk '{print $2}');
 route add -host $ENDPOINT gw $IP_GATEWAY;
 # temporary added iptables lines
-iptables-legacy -t nat -I PREROUTING -i wg0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.18.103.2:80
+iptables-legacy -t nat -I PREROUTING -i wg0 -p tcp --dport 80 -j DNAT --to-destination 172.18.103.2:80
-iptables-legacy -t nat -I PREROUTING -i wg0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.18.103.2:443
+iptables-legacy -t nat -I PREROUTING -i wg0 -p tcp --dport 443 -j DNAT --to-destination 172.18.103.2:443
-iptables-legacy -t nat -I POSTROUTING -d 172.18.103.0/24 -p tcp -m tcp --dport 80 -j MASQUERADE
+iptables-legacy -t nat -I POSTROUTING -d 172.18.103.0/24 -p tcp --dport 80 -j MASQUERADE
-iptables-legacy -t nat -I POSTROUTING -d 172.18.103.0/24 -p tcp -m tcp --dport 443 -j MASQUERADE
+iptables-legacy -t nat -I POSTROUTING -d 172.18.103.0/24 -p tcp --dport 443 -j MASQUERADE
 # need to remove after service-exec go update
 /etc/wireguard/persistentkeepalive.sh &