Feature Request: IPv6 Support #34
Description
Hey, can support for IPv6 be added for the router/controller variant? By default, or behind an env flag, or docker tag?
I have not used the client variant myself, so I am unsure if support is already there for that.
I've managed to get it working myself by editing iptables rules within entrypoint-router.sh
(I have ZEROTIER_ONE_USE_IPTABLES_NFT=true, so I am unsure if it works on legacy)
Added
IP6TABLES_CMD=ip6tables-legacy
[ "${ZEROTIER_ONE_USE_IPTABLES_NFT}" = "true" ] && IP6TABLES_CMD=ip6tables-nft
Duplicated iptables commands within update_iptables() for example:
"both" )
# IPv4
echo "$2 ${IPTABLES_CMD} rules for bi-directional traffic (local interfaces ${PHY_IFACES} to/from ZeroTier)"
${IPTABLES_CMD} -t nat -${1} POSTROUTING -o ${ZT_IFACE} -j MASQUERADE
for PHY_IFACE in ${PHY_IFACES} ; do
${IPTABLES_CMD} -t nat -${1} POSTROUTING -o ${PHY_IFACE} -j MASQUERADE
${IPTABLES_CMD} -${1} FORWARD -i ${ZT_IFACE} -o ${PHY_IFACE} -j ACCEPT
${IPTABLES_CMD} -${1} FORWARD -i ${PHY_IFACE} -o ${ZT_IFACE} -j ACCEPT
done
# IPv6
echo "$2 ${IP6TABLES_CMD} rules for bi-directional traffic (local interfaces ${PHY_IFACES} to/from ZeroTier)"
${IP6TABLES_CMD} -t nat -${1} POSTROUTING -o ${ZT_IFACE} -j MASQUERADE
for PHY_IFACE in ${PHY_IFACES} ; do
${IP6TABLES_CMD} -t nat -${1} POSTROUTING -o ${PHY_IFACE} -j MASQUERADE
${IP6TABLES_CMD} -${1} FORWARD -i ${ZT_IFACE} -o ${PHY_IFACE} -j ACCEPT
${IP6TABLES_CMD} -${1} FORWARD -i ${PHY_IFACE} -o ${ZT_IFACE} -j ACCEPT
done
;;
Also, thanks for the great work so far, this project has been very helpful.