Closed
Description
To Reproduce
Steps to reproduce the behavior:
- change network mode to host
- restart container with wg-easy one or more times
- Execute command
```
sudo iptables -v -L -n --line-numbers
```
Expected behavior
iptables doesn't contain duplicated rules
Actual behavior
```
Chain INPUT (policy DROP 135 packets, 5286 bytes)
num   pkts bytes target     prot opt in     out     source               destination
2    26235 4423K ACCEPT     17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:51820
10       0     0 ACCEPT     17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:51820

Chain FORWARD (policy ACCEPT 2278 packets, 395K bytes)
num   pkts bytes target     prot opt in     out     source               destination
11   23743 2383K ACCEPT     0    --  wg0    *       0.0.0.0/0            0.0.0.0/0
12   29768  139M ACCEPT     0    --  *      wg0     0.0.0.0/0            0.0.0.0/0
13       0     0 ACCEPT     0    --  wg0    *       0.0.0.0/0            0.0.0.0/0
14       0     0 ACCEPT     0    --  *      wg0     0.0.0.0/0            0.0.0.0/0
```
I think that if you add the default WireGuard PostDown script here, https://github.com/wg-easy/wg-easy/blob/master/src/config.js#L29, it will solve this problem:

```
iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
```
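To check a host for the duplication reported above, the listing can be scanned with the packet and byte counters ignored, since those differ between otherwise identical rules. This is an added example, not part of the original issue or of wg-easy; the function names `find_dup_rules` and `sample_listing` are hypothetical, and the sample input is the listing from the report.

```shell
#!/bin/sh
# Added example: report rules that appear more than once in a chain.
# Input (stdin): output of `iptables -v -L -n --line-numbers`.
# Output: "<chain> <first-num> <duplicate-num> <rule without counters>"
# Live use (assumes root): sudo iptables -v -L -n --line-numbers | find_dup_rules
find_dup_rules() {
  awk '
    $1 == "Chain" { chain = $2; next }      # start of a new chain
    $1 == "num" || NF == 0 { next }         # column header or blank line
    $1 ~ /^[0-9]+$/ {
      # Fields 1-3 are num, pkts, bytes. The counters differ between
      # otherwise identical rules, so compare from the target onwards.
      spec = $4
      for (i = 5; i <= NF; i++) spec = spec " " $i
      key = chain SUBSEP spec
      if (key in first) print chain, first[key], $1, spec
      else first[key] = $1
    }'
}

# Constructed input: the listing from the report above.
sample_listing() {
  cat <<'EOF'
Chain INPUT (policy DROP 135 packets, 5286 bytes)
num pkts bytes target prot opt in out source destination
2 26235 4423K ACCEPT 17 -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:51820
10 0 0 ACCEPT 17 -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:51820
Chain FORWARD (policy ACCEPT 2278 packets, 395K bytes)
num pkts bytes target prot opt in out source destination
11 23743 2383K ACCEPT 0 -- wg0 * 0.0.0.0/0 0.0.0.0/0
12 29768 139M ACCEPT 0 -- * wg0 0.0.0.0/0 0.0.0.0/0
13 0 0 ACCEPT 0 -- wg0 * 0.0.0.0/0 0.0.0.0/0
14 0 0 ACCEPT 0 -- * wg0 0.0.0.0/0 0.0.0.0/0
EOF
}

# Demo run on the constructed sample.
sample_listing | find_dup_rules
```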