[GH-ISSUE #58] 🚩 Make container networks a building block on SPR #14

New issue

Closed

opened 2026-03-04 01:34:07 +03:00 by kerem · 1 comment

kerem commented 2026-03-04 01:34:07 +03:00

Owner

Copy link

Originally created by @lts-rad on GitHub (Sep 2, 2022).
Original GitHub issue: https://github.com/spr-networks/super/issues/58

Problem to solve

Container networks are currently poorly supported on SPR. As a workaround, users have to add rules to allow docker to do its thing or default to the "bridge" (docker0) network.

# Custom docker network workaround
nft insert rule inet filter FORWARD iifname "br*" accept
nft insert rule inet filter INPUT iifname "br*" accept

Feature: Support container network firewall rules & connectivity

Users can define rules for what the container should be able to access. LAN, WAN, LAN_UPSTREAM?, DNS, or specific device groups on the network.

We can listen to docker events and when a network is created or connected-to, its network is registered with SPR and managed.

Feature: Containers as a network sinks

Containers can run Tor, VPNs, and network experiments. We should make it possible to make a container a network sink similar to Site VPN forwarding, or possibly even a network relay where traffic comes back out onto the network after passing through the container.

Originally created by @lts-rad on GitHub (Sep 2, 2022). Original GitHub issue: https://github.com/spr-networks/super/issues/58 ## Problem to solve Container networks are currently poorly supported on SPR. As a workaround, users have to add rules to allow docker to do its thing or default to the "bridge" (docker0) network. ``` # Custom docker network workaround nft insert rule inet filter FORWARD iifname "br*" accept nft insert rule inet filter INPUT iifname "br*" accept ``` ## Feature: Support container network firewall rules & connectivity Users can define rules for what the container should be able to access. LAN, WAN, LAN_UPSTREAM?, DNS, or specific device groups on the network. We can listen to docker events and when a network is created or connected-to, its network is registered with SPR and managed. ## Feature: Containers as a network sinks Containers can run Tor, VPNs, and network experiments. We should make it possible to make a container a network sink similar to Site VPN forwarding, or possibly even a network relay where traffic comes back out onto the network after passing through the container.

kerem closed this issue 2026-03-04 01:34:07 +03:00

kerem commented 2026-03-04 01:34:08 +03:00

Author

Owner

Copy link

@lts-rad commented on GitHub (Apr 25, 2023):

Marking as closed. PFW now supports forwarding to containers

<!-- gh-comment-id:1521008994 --> @lts-rad commented on GitHub (Apr 25, 2023): Marking as closed. PFW now supports forwarding to containers

kerem referenced this issue 2026-03-04 01:35:53 +03:00

[PR #14] [MERGED] Dev #247

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dev

wifi7_support

experimental

dyn_test

dev-android-ui

dns-graph

dev-apns

v1.0.27

clearfog-v1.0.27

v1.0.26

clearfog-v1.0.26

v1.0.25

clearfog-v1.0.25

clearfog-v1.0.24

v1.0.24

v1.0.23

clearfog-v1.0.23

v1.0.22

clearfog-v1.0.22

v1.0.21

clearfog-v1.0.21

v1.0.20

clearfog-v1.0.20

v1.0.19

clearfog-v1.0.19

v1.0.18

clearfog-v1.0.18

clearfog-v1.0.17

v1.0.17

v1.0.15

clearfog-v1.0.15

v1.0.14

clearfog-v1.0.14

v1.0.13

clearfog-v1.0.13

v1.0.12

clearfog-v1.0.12

clearfog-v1.0.11

v1.0.11

clearfog-v1.0.10

v1.0.10

v1.0.9

clearfog-v1.0.9

v1.0.8

clearfog-v1.0.8

clearfog-v1.0.7

v1.0.7

v1.0.6

clearfog-v1.0.6

clearfog-v1.0.5

v1.0.5

ios-v1.0.4

v1.0.4

clearfog-v1.0.4

clearfog-v1.0.3

v1.0.3

v1.0.2

clearfog-v1.0.2

clearfog-v1.0.1

v1.0.1

v1.0.0-dev

clearfog-v1.0.0

v1.0.0

ios-v0.3.24

clearfog-v0.3.24

v0.3.24

clearfog-v0.3.23

v0.3.23

v0.3.22

clearfog-v0.3.22

clearfog-v0.3.21

v0.3.21

v0.3.20

clearfog-v0.3.20

v0.3.19

clearfog-v0.3.19

v0.3.18

clearfog-v0.3.18

clearfog-v0.3.17

v0.3.17

clearfog-v0.3.16

v0.3.16

v0.3.15

clearfog-v0.3.15

ios-v0.3.14

v0.3.14

clearfog-v0.3.14

clearfog-v0.3.13

v0.3.13

ios-v0.3.12

v0.3.12

clearfog-v0.3.12

ios-v0.3.11

clearfog-v0.3.11

v0.3.11

clearfog-v0.3.10

v0.3.10

v0.3.9

clearfog-v0.3.9

v0.3.8

clearfog-v0.3.8

clearfog-v0.3.7

v0.3.7

clearfog-v0.3.6

v0.3.6

clearfog-v0.3.5

v0.3.5

clearfog-v0.3.4

v0.3.4

v0.3.3

clearfog-v0.3.3

v0.3.2

clearfog-v0.3.2

v0.3.1

clearfog-v0.3.1

v0.3.0

clearfog-v0.3.0

clearfog-v0.2.28

v0.2.28

v0.2.27

clearfog-v0.2.27

clearfog-v0.2.26

v0.2.26

v0.2.25

clearfog-v0.2.25

v0.2.24

clearfog-v0.2.24

v0.2.23

clearfog-v0.2.23

v0.2.22

clearfog-v0.2.22

clearfog-v0.2.21

v0.2.21

v0.2.20

clearfog-v0.2.20

v0.2.19

clearfog-v0.2.19

v0.2.18

clearfog-v0.2.18

v0.2.17

v0.2.16

clearfog-v0.2.16

clearfog-v0.2.15

v0.2.15

v0.2.14

clearfog-v0.2.14

clearfog-v0.2.13

v0.2.13

clearfog-v0.2.12

v0.2.12

v0.2.11

clearfog-v0.2.11

v0.2.10

clearfog-v0.2.9

v0.2.9

clearfog-v0.2.8

v0.2.8

clearfog-v0.2.7

v0.2.7

v0.2.6

clearfog-v0.2.6

v0.2.5

v0.2.4

clearfog-v0.2.4

v0.2.3

clearfog-v0.2.3

v0.2.2

clearfog-v0.2.2

v0.2.1

clearfog-v0.2.1

v0.2.0

clearfog-v0.2.0

v0.1.33

clearfog-v0.1.33

v0.1.32

clearfog-v0.1.32

v0.1.31

clearfog-v0.1.31

v0.1.30

clearfog-v0.1.30

v0.1.29

clearfog-v0.1.29

clearfog-v0.1.28

v0.1.28

clearfog-v0.1.27

v0.1.27

v0.1.26

clearfog-v0.1.26

v0.1.25

clearfog-v0.1.25

v0.1.25-beta.6

v0.1.25-beta.5

v0.1.25-beta.4

v0.1.25-beta.3

v0.1.25-beta.2

v0.1.25-beta.1

v0.1.25-beta.0

v0.1.24

clearfog-v0.1.23

v0.1.23

clearfog-v0.1.22

v0.1.22

v0.1.21

clearfog-v0.1.21

v0.1.21-beta.1

v0.1.21-beta.0

v0.1.20

clearfog-v0.1.19

v0.1.19

clearfog-v0.1.18

v0.1.18

v0.1.17

clearfog-v0.1.17

clearfog-v0.1.16

v0.1.16-beta.3

v0.1.16-beta.2

v0.1.16-beta.1

v0.1.16-beta.0

v0.1.15

clearfog-v0.1.15

v0.1.14

v0.1.14-beta.0

v0.1.13

v0.1.12

v0.1.12-beta.7

v0.1.12-beta.6

v0.1.12-beta.5

v0.1.12-beta.4

v0.1.12-beta.3

v0.1.12-beta.2

v0.1.12-beta.1

v0.1.12-beta.0

v0.1.11

v0.1.11-beta.3

v0.1.11-beta.2

v0.1.11-beta.1

v0.1.11-beta.0

v0.1.10

v0.1.10-beta.0

v0.1.9

v0.1.9-beta.0

v0.1.8

v0.1.8-beta.0

v0.1.7

v0.1.6

v0.1.5

v0.1.4

v0.1.4-beta.15

v0.1.4-beta.14

v0.1.4-beta.13

v0.1.4-beta.12

v0.1.4-beta.11

v0.1.4-beta.10

v0.1.4-beta.9

v0.1.4-beta.8

v0.1.4-beta.7

v0.1.4-beta.6

v0.1.4-beta.5

v0.1.4-beta.4

v0.1.4-beta.3

v0.1.4-beta.2

v0.1.4-beta.1

v0.1.4-beta.0

v0.1.3

v0.1.3-beta.2

v0.1.3-beta.1

v0.1.3-beta.0

v0.1.2

v0.1.2-beta.2

v0.1.2-beta.1

v0.1.2-beta.0

v0.1.1

v0.1.1-beta.26

v0.1.1-beta.25

v0.1.1-beta.24

v0.1.1-beta.23

v0.1.1-beta.22

v0.1.1-beta.21

v0.1.1-beta.20

v0.1.1-beta.19

v0.1.1-beta.18

v0.1.1-beta.17

v0.1.1-beta.16

v0.1.1-beta.15

v0.1.1-beta.14

v0.1.1-beta.13

v0.1.1-beta.12

v0.1.1-beta.11

v0.1.1-beta.10

v0.1.1-beta.9

v0.1.1-beta.8

v0.1.1-beta.7

v0.1.1-beta.6

v0.1.1-beta.5

v0.1.1-beta.4

v0.1.1-beta.3

v0.1.1-beta.2

v0.1.1-beta.1

v0.1.1-beta.0

v0.01-beta-pi-september-fixes

v0.01-beta-pi-september

v0.01-beta-pi-2

v0.01-beta-pi

Labels

Clear labels   

blocked

  

bug

  

documentation

  

enhancement

  

fixed

  

fixed ✅

  

hardening

  

implemented

  

installer

  

multicast

  

p1

  

p2

  

pending

  

podman

  

pull-request

Mirrored from GitHub Pull Request

  

security

  

testing

  

v1

No labels

blocked

bug

documentation

enhancement

fixed

fixed ✅

hardening

implemented

installer

multicast

p1

p2

pending

podman

pull-request

security

testing

v1

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/super#14

No description provided.