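This is how I manage Docker with IPv6 and DHCPv6 prefix delegation (DHCP-PD) on Arch Linux. The dhcpcd configuration, the ip6tables rules and a dhcpcd hook script follow, in that order.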
# dhcpcd configuration: request a delegated IPv6 prefix on the uplink and
# assign /64s from it to the LAN interface and to the Docker bridge.
# INTERNETIF and LANIF are placeholders for the real interface names.
duid
persistent
option rapid_commit
option classless_static_routes
option ntp_servers
option interface_mtu
require dhcp_server_identifier
# Stable private SLAAC addresses rather than ones derived from the hardware address
slaac private
ipv6only
# Router solicitation is switched off globally and re-enabled only on the uplink below
noipv6rs
interface INTERNETIF
ipv6rs
iaid 1
# Prefix delegation: SLA id 0 as a /64 for LANIF, SLA id 2 as a /64 for docker1.
# "docker1" has to match the bridge name Docker creates and the name the hook script tests for.
ia_pd 1 LANIF/0/64 docker1/2/64
# Generated by ip6tables-save v1.6.1 on Mon Apr 10 23:59:06 2017
# nat table: two user chains that start empty; the dhcpcd hook script fills
# them with NETMAP rules once a prefix has been delegated.
*nat
:PREROUTING ACCEPT [16256:2921441]
:INPUT ACCEPT [21:1749]
:OUTPUT ACCEPT [1579:129828]
:POSTROUTING ACCEPT [17166:2996983]
:DOCKERNATPOST - [0:0]
:DOCKERNATPRE - [0:0]
-A POSTROUTING -j DOCKERNATPOST
# DOCKERNATPRE is consulted for routed packets (PREROUTING) and locally generated ones (OUTPUT)
-A PREROUTING -j DOCKERNATPRE
-A OUTPUT -j DOCKERNATPRE
COMMIT
# filter table.
# NOTE(review): INPUT and FORWARD both default to ACCEPT, so only packets that
# arrive on INTERNETIF are filtered; traffic entering on any other interface
# (LAN, docker1) is accepted and forwarded without restriction.
*filter
:INPUT ACCEPT [8:1558]
:FORWARD ACCEPT [602:50934]
:OUTPUT ACCEPT [2115:172583]
:INTERNET - [0:0]
# DHCPv6: 546 is the client port, 547 the server/relay port. Both rules match on
# every interface and sit ahead of the INTERNET chain.
# NOTE(review): a prefix-delegation client should only need 546 - confirm 547 is required.
-A INPUT -m udp -p udp --dport 546 -j ACCEPT
-A INPUT -m udp -p udp --dport 547 -j ACCEPT
# One chain serves both traffic addressed to this host and forwarded traffic, so
# every port opened below is open on the router and on every host behind it,
# including containers reached through the NETMAP mapping.
-A INPUT -i INTERNETIF -j INTERNET
-A FORWARD -i INTERNETIF -j INTERNET
-A INTERNET -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INTERNET -p tcp -m tcp --dport 443 -j ACCEPT
-A INTERNET -p tcp -m tcp --dport 80 -j ACCEPT
-A INTERNET -p tcp -m tcp --dport 22 -j ACCEPT
# ipv6-icmp and icmpv6 are two names for the same protocol (58), so the second
# rule duplicates the first. All ICMPv6 types are accepted.
# NOTE(review): neighbour discovery and path-MTU need ICMPv6, but the set could
# be narrowed with --icmpv6-type if desired.
-A INTERNET -p ipv6-icmp -j ACCEPT
-A INTERNET -p icmpv6 -j ACCEPT
# Anything else arriving from the uplink is dropped
-A INTERNET -j DROP
COMMIT
# Completed on Mon Apr 10 23:14:13 2017
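#!/bin/bash -x
# dhcpcd hook: keeps the ip6tables NETMAP rules for the Docker bridge in step
# with the prefix delegated over DHCPv6-PD.
#
# Reads from the environment:
#   reason                      - event name; only CARRIER and REBIND6 are handled
#   interface                   - interface the event refers to
#   new_delegated_dhcp6_prefix  - prefix delegated to that interface
#
# The DOCKERNATPRE and DOCKERNATPOST chains must already exist in the nat table
# (the ip6tables rules file declares them and jumps to them).
#
# NETMAP maps the delegated prefix 1:1 onto the private prefix, so every
# container address has a globally reachable counterpart. What is reachable
# from outside is decided by the filter table alone.
#
# NOTE(review): -x traces every command and the REBIND6 branch prints the whole
# exported environment; both land wherever dhcpcd sends hook output. Remove
# them once the setup has been debugged.

# Get your IPV6 private prefix from
# http://simpledns.com/private-ipv6.aspx
IPV6PRIVATEPREFIX="PrivatePrefix/64"
DOCKERIF="docker1"

case "$reason" in
  CARRIER)
    if [[ "${interface:-}" == "$DOCKERIF" ]]; then
      # The chains live in the nat table, and -D needs a rule spec or a rule
      # number; flushing is what actually clears the previous mappings.
      ip6tables -t nat -F DOCKERNATPOST
      ip6tables -t nat -F DOCKERNATPRE
    fi
    ;;
  REBIND6)
    if [[ "${interface:-}" == "$DOCKERIF" ]]; then
      if [[ -n "${new_delegated_dhcp6_prefix:-}" ]]; then
        # Start from empty chains so repeated events do not pile up stale
        # mappings for prefixes that are no longer delegated.
        ip6tables -t nat -F DOCKERNATPRE
        ip6tables -t nat -F DOCKERNATPOST
        ip6tables -t nat -A DOCKERNATPRE -d "$new_delegated_dhcp6_prefix" -j NETMAP --to "$IPV6PRIVATEPREFIX"
        ip6tables -t nat -A DOCKERNATPOST -s "$IPV6PRIVATEPREFIX" -j NETMAP --to "$new_delegated_dhcp6_prefix"
      else
        echo "no delegated prefix for ${DOCKERIF}; NETMAP rules left unchanged" >&2
      fi
    fi
    echo "SAMPLE::::"
    export
    echo "Parameters $*"
    ;;
esac
# NOTE(review): if dhcpcd sources this file instead of executing it, this exit
# also ends the calling hook runner - confirm how the hook is installed.
exit 0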
Because I use docker-compose to create the bridge, my compose file contains this network definition:
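# Compose network definition for the dual-stack bridge "docker1".
version: '2.1'
networks:
  default:
    driver: bridge
    enable_ipv6: true
    driver_opts:
      # Must match DOCKERIF in the dhcpcd hook and the ia_pd line in dhcpcd.conf
      com.docker.network.bridge.name: "docker1"
    ipam:
      driver: default
      config:
        # NOTE(review): 172.33.0.0/24 lies outside the RFC 1918 block
        # 172.16.0.0/12 (172.16.x.x - 172.31.x.x), so it overlaps publicly
        # routable address space - confirm this range is intended.
        - subnet: 172.33.0.0/24
          gateway: 172.33.0.1
          ip_range: 172.33.0.192/26
        # PrivatePrefix is a placeholder; use the same private IPv6 prefix as
        # IPV6PRIVATEPREFIX in the hook script so the NETMAP rules line up.
        - subnet: PrivatePrefix/64
          gateway: PrivatePrefix::1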