Merge pull request #217 from SUNET/patlu-dockerhost2-ipv6-nat

Make IPv6 SNAT rules match more of ULA range
SUNET · Nov 13, 2024 · f565faf · f565faf
2 parents d54188f + e64fdc7
commit f565faf
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/templates/dockerhost/200-dockerhost2_nftables.nft.erb b/templates/dockerhost/200-dockerhost2_nftables.nft.erb
@@ -26,8 +26,8 @@ table ip6 nat {
 #
 add rule ip nat postrouting ip saddr { 172.16.0.0/12 } iifname docker0   counter masquerade comment "SNAT traffic from Docker"
 add rule ip nat postrouting ip saddr { 172.16.0.0/12 } iifname br-*      counter masquerade comment "SNAT traffic from Docker"
-add rule ip6 nat postrouting ip6 saddr { fd0c::/16 }   iifname docker0   counter masquerade comment "SNAT traffic from Docker"
-add rule ip6 nat postrouting ip6 saddr { fd0c::/16 }   iifname br-*      counter masquerade comment "SNAT traffic from Docker"
+add rule ip6 nat postrouting ip6 saddr { fd00::/8 }    iifname docker0   counter masquerade comment "SNAT traffic from Docker"
+add rule ip6 nat postrouting ip6 saddr { fd00::/8 }    iifname br-*      counter masquerade comment "SNAT traffic from Docker"
 
 #
 # Allow forwarding packages from docker