@andreasnuesslein
Last active September 6, 2019 09:00
Docker config for gitlab-runner on nftables
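#!/usr/sbin/nft -f
# vim: ft=pf
# {{ interface }} would be `eth0` or `enp3s0` or similar
table inet filter {
    # No `type ... hook` line is given here, so this assumes a base chain
    # named `forward` already exists in the main ruleset; these rules are
    # appended to it.
    chain forward {
        # Containers may open connections to the outside.
        iifname docker0 oifname {{ interface }} accept
        # Inbound traffic reaches containers only as replies to, or related
        # to, connections that already exist.
        iifname {{ interface }} oifname docker0 ct state established accept
        iifname {{ interface }} oifname docker0 ct state related accept
    }
}
table ip nat {
    chain input {
        type nat hook input priority 0; policy accept;
    }
    chain output {
        type nat hook output priority 0; policy accept;
    }
    chain prerouting {
        type nat hook prerouting priority 0; policy accept;
    }
    chain postrouting {
        type nat hook postrouting priority 0; policy accept;
        # Source-NAT traffic from Docker's default bridge subnet; the counter
        # shows up in `nft list ruleset`. The match is on source address only,
        # not on output interface.
        ip saddr 172.17.0.0/16 counter masquerade
    }
}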