From 66385fd9e80a2fdb2c20e96dc45cfe28786ee06c Mon Sep 17 00:00:00 2001
From: Les Aker
Date: Mon, 2 Dec 2024 22:14:58 -0500
Subject: [PATCH] update docker

---
 manifests/init.pp | 35 +++++++++--------------------------
 1 file changed, 9 insertions(+), 26 deletions(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index d1d3817..4d7489f 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -51,7 +51,6 @@
 firewall { '100 handle uturn traffic for containers':
 chain => 'OUTPUT',
 jump => 'DOCKER_EXPOSE',
- destination => '! 127.0.0.0/8',
 dst_type => 'LOCAL',
 table => 'nat',
 }
@@ -65,6 +64,15 @@
 table => 'nat',
 }
 
+ firewall { '100 masquerade for localhost uturn':
+ chain => 'POSTROUTING',
+ jump => 'MASQUERADE',
+ src_type => 'LOCAL',
+ dst_type => 'UNICAST'
+ outiface => "${bridge_name}",
+ table => 'nat',
+ }
+
 firewall { '100 forward from docker containers':
 chain => 'FORWARD',
 action => 'accept',
@@ -81,31 +89,6 @@
 iniface => "! ${bridge_name}",
 }
 
- firewall { '100 masquerade for default docker containers':
- chain => 'POSTROUTING',
- jump => 'MASQUERADE',
- proto => 'all',
- outiface => '! docker0',
- source => '172.31.255.0/24',
- table => 'nat',
- }
-
- firewall { '100 forward from default docker containers':
- chain => 'FORWARD',
- action => 'accept',
- proto => 'all',
- outiface => '! docker0',
- iniface => 'docker0',
- }
-
- firewall { '100 forward to default docker containers':
- chain => 'FORWARD',
- action => 'accept',
- proto => 'all',
- outiface => 'docker0',
- iniface => '! docker0',
- }
-
 exec { 'create docker network':
 command => "/usr/bin/docker network create --subnet ${bridge_subnet} -o com.docker.network.bridge.name=${bridge_name} ${bridge_name}",
 unless => "/usr/bin/docker network inspect ${bridge_name}",
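Review bot: The added `dst_type => 'UNICAST'` line in the new '100 masquerade for localhost uturn' resource is missing its trailing comma, so the manifest will fail to parse at the following `outiface` attribute; it should read `dst_type => 'UNICAST',`. The `outiface => "${bridge_name}"` value also quotes a lone variable for no reason (puppet-lint's only_variable_string check), so `outiface => $bridge_name,` is enough. Since the first hunk drops the `! 127.0.0.0/8` exclusion from the OUTPUT DNAT rule, this POSTROUTING rule appears to be what gives loopback-sourced, hairpinned connections a routable source address so replies return via the bridge; a short comment above the resource such as `# Loopback-originated connections hairpinned into a container are MASQUERADEd on the bridge so the container can route its replies back` would keep the two rules from being changed independently later. The enclosing class body starts before and ends after this hunk.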