mirror of
https://github.com/containers/netavark.git
synced 2026-02-05 06:45:56 +01:00
4fea4c01ed
There are two major changes here. Firstly, this adds proper support for port forwarding from localhost via a new policy accepting traffic from HOST. This is the last bit we were missing from the original port-forwarding implementation. This requires two new zones: one in which the actual port forward occurs, and one to allow traffic to 127.0.0.1 to be masqeuraded so we can talk to the container from localhost. Secondly, this fixes a bug where we generated incorrect rules when port-forwarding from a single IP. Instead of doing standard port-forwarding rules, those need rich rules. This was reported as #881. There are also some small code cleanups in how we handle setting up and tearing down port forwarding. It's still rather ugly, but at least a little better than it was before. Fixes #881 Signed-off-by: Matthew Heon <matthew.heon@pm.me>