search

containers / netavark

Container network stack
Apache License 2.0
538 stars 85 forks source link

Feature Request: Option to disable masquerade #831

Open yzguy opened 1 year ago

yzguy commented 1 year ago

It would be nice to have an option to disable the default masquerade somehow for both IPv4 and IPv6 #560 is related but focuses specifically on IPv6

Looking at a chain automatically created in my use-case, this 2nd rule is always there, and it would be nice to be able to toggle that on or off.

    chain NETAVARK-E468CF7D5F9C4 {
        ip daddr 100.64.1.0/24 counter packets 7 bytes 1024 accept
        ip daddr != 224.0.0.0/4 counter packets 4399 bytes 246472 masquerade
    }

My understand is Docker allows the user to disable it via a driver option -- com.docker.network.bridge.enable_ip_masquerade=false, so something like that would be useful in netarark

baude commented 1 year ago

neat, is this something you want to work on and contribute?