From 78336e55a31db578c139a5bb472aa0fc219c169d Mon Sep 17 00:00:00 2001 From: Xiaoxu Guo Date: Thu, 4 Aug 2022 16:24:04 +0800 Subject: [PATCH] fixed for Docker Compose --- service/core/iptables/tproxy.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/core/iptables/tproxy.go +++ b/core/iptables/tproxy.go @@ -65,6 +65,7 @@ iptables -w 2 -t mangle -A TP_PRE -p udp iptables -w 2 -t mangle -A TP_RULE -j CONNMARK --restore-mark iptables -w 2 -t mangle -A TP_RULE -m mark --mark 0x40/0xc0 -j RETURN +iptables -w 2 -t mangle -A TP_RULE -i br+ -j RETURN iptables -w 2 -t mangle -A TP_RULE -i docker+ -j RETURN iptables -w 2 -t mangle -A TP_RULE -i veth+ -j RETURN ` @@ -123,6 +124,8 @@ ip6tables -w 2 -t mangle -A TP_PRE -p ud ip6tables -w 2 -t mangle -A TP_RULE -j CONNMARK --restore-mark ip6tables -w 2 -t mangle -A TP_RULE -m mark --mark 0x40/0xc0 -j RETURN +ip6tables -w 2 -t mangle -A TP_RULE -m mark --mark 0x40/0xc0 -j RETURN +ip6tables -w 2 -t mangle -A TP_RULE -i br+ -j RETURN ip6tables -w 2 -t mangle -A TP_RULE -i docker+ -j RETURN ip6tables -w 2 -t mangle -A TP_RULE -i veth+ -j RETURN ` @@ -156,7 +159,7 @@ ip6tables -w 2 -t mangle -A TP_MARK -j C func (t *tproxy) GetCleanCommands() Setter { commands := ` -ip rule del fwmark 0x40/0xc0 table 100 +ip rule del fwmark 0x40/0xc0 table 100 ip route del local 0.0.0.0/0 dev lo table 100 iptables -w 2 -t mangle -F TP_OUT @@ -172,7 +175,7 @@ iptables -w 2 -t mangle -X TP_MARK ` if IsIPv6Supported() { commands += ` -ip -6 rule del fwmark 0x40/0xc0 table 100 +ip -6 rule del fwmark 0x40/0xc0 table 100 ip -6 route del local ::/0 dev lo table 100 ip6tables -w 2 -t mangle -F TP_OUT