Support for --internal network? #23
Comments
Hey @dkoshkin, thanks for reaching out. Without Curious what your use case is using
We use it to simulate air-gapped (specifically no egress) networks in docker.
Got it. Yeah this is a bit of an interesting case, as typically air-gap would exclude all networks, including your host (but of course, that makes dev/debugging hard). The solution here would be to somehow create a connection only between the
Okay I did a deep dive on this today. This is what I discovered (for those curious):
How internal works
Solution
We need to respect the above isolation rules for internal networks while still giving access to the Wireguard VPN. I think the solution is to add 2
Basically anytime a packet is headed to or from the
I've tested the above and it works. I think it is safe to add these rules as defaults (rather than some sort of opt-in), because this is more-or-less the default behaviour if you were to run Docker on a vanilla Linux host.
Just found this project and super excited, works great for the default or other non --internal docker networks.
But it doesn't work if I use an --internal network.
Was wondering if it's even possible for this to work with an internal network?