Add dynamic docker subnet detection

InsaLan · Nov 14, 2024 · b32941a · b32941a
1 parent 6ad0f1c
commit b32941a
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/netcontrol/nft.py b/netcontrol/nft.py
@@ -68,7 +68,8 @@ def setup_portail(self):
 
         # Block other traffic from users that are not authenticated
         self._execute_nft_cmd("add chain insalan netcontrol-forward { type filter hook forward priority 0; }")
-        self._execute_nft_cmd(f"add rule insalan netcontrol-forward ip daddr != {{ 172.16.1.1,172.30.0.0/16 }} ip saddr {variables.ip_range()} ip saddr != {{ 172.16.1.1,172.30.0.0/16 }} ether saddr != @netcontrol-auth reject")
+        docker_subnet = ".".join(docker0_ip.split(".")[:1]) + ".0.0/16"
+        self._execute_nft_cmd(f"add rule insalan netcontrol-forward ip daddr != {{ 172.16.1.1,{docker_subnet} }} ip saddr {variables.ip_range()} ip saddr != {{ 172.16.1.1,{docker_subnet} }} ether saddr != @netcontrol-auth reject")
 
         self.logger.info("Gate nftables set up")