Docker + WireGuard

Note to self: when WireGuard and Docker are installed on the same server, WireGuard will fail because Docker changes the policy of the FORWARD chain from ACCEPT to DROP.

Solution:

PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -P FORWARD ACCEPT; iptables -t nat -A POSTROUTING -s 1.2.3.4/24 -o ens3 -j MASQUERADE;
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -P FORWARD DROP; iptables -t nat -D POSTROUTING -s 1.2.3.4/24 -o ens3 -j MASQUERADE;

in /etc/wireguard/iftunel.conf, and

After=docker.service network.target

in /lib/systemd/system/wg-quick@.service
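
A check for the condition described above, as an added example rather than part of the original note: it reads the output of iptables -S FORWARD and reports whether traffic for an interface is forwarded by policy, by rules, in one direction only, or not at all. The function name wg_forward_status and the sample rule listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original note). Summarises how the FORWARD chain
# treats one interface, reading `iptables -S FORWARD` text on stdin.
# Simplification: only the default policy and ACCEPT rules naming the interface
# are considered; rule order and jumps into other chains are not evaluated.

# Constructed sample: a typical FORWARD chain once Docker is running.
SAMPLE_DOCKER='-P FORWARD DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT'

# Constructed sample: the same chain after the PostUp line has run.
SAMPLE_POSTUP='-P FORWARD ACCEPT
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT'

wg_forward_status() {
    awk -v ifc="$1" '
        $1 == "-P" && $2 == "FORWARD" { policy = $3 }
        $1 == "-A" && $2 == "FORWARD" && $NF == "ACCEPT" {
            for (i = 3; i < NF; i++) {
                if ($(i-1) == "!") continue            # skip negated matches
                if ($i == "-i" && $(i+1) == ifc) from_if = 1
                if ($i == "-o" && $(i+1) == ifc) to_if = 1
            }
        }
        END {
            if (policy == "ACCEPT")      print "policy-accept"
            else if (from_if && to_if)   print "rules-accept"
            else if (from_if || to_if)   print "one-way"
            else                         print "blocked"
        }'
}

# On a live host (as root): iptables -S FORWARD | wg_forward_status wg0
printf 'docker only : %s\n' "$(printf '%s\n' "$SAMPLE_DOCKER" | wg_forward_status wg0)"
printf 'after PostUp: %s\n' "$(printf '%s\n' "$SAMPLE_POSTUP" | wg_forward_status wg0)"
```

A result of policy-accept means the whole FORWARD chain defaults to ACCEPT, which is what the PostUp line sets while the tunnel is up; PostDown puts the policy back to DROP.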