I am trying to come up with a solution to bypass the VPN tunnel for the incoming and outgoing traffic of a Docker container.
The VPN I'm using is Mullvad VPN, and in the split tunneling section they have addressed how to exclude outgoing traffic for certain IPs. This does not work for my Docker container, as my container's traffic is routed through the tunnel created by Mullvad VPN.
This is my nftables config:
define EXCLUDED_IPS = {
    # An ip to bypass
    1.2.3.4,
}
define CONTAINER_IPS = {
    # Local Proxy
    10.10.5.0/24,
}
table inet excludeTraffic {
    chain excludeOutgoing {
        type route hook output priority 0; policy accept;
        ip daddr $EXCLUDED_IPS ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
    }
    # I have created this chain which is not working
    chain excludeContainerFromTunnel {
        type route hook output priority -5; policy accept;
        ip daddr $CONTAINER_IPS ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
    }
}
The container's network is bound to 10.10.5.1 and is a bridge network with the subnet 10.10.5.0/24.
EDIT: output of ip rule:
$ ip rule
0: from all lookup local
32764: from all lookup main suppress_prefixlength 0
32765: not from all fwmark 0x6d6f6c65 lookup 1836018789
32766: from all lookup main
32767: from all lookup default
ip -br link; ip -4 -br addr; ip route; ip route show table 1836018789
and also sysctl -ar '\.rp_filter' | grep -v '0 *$'
(which might have an empty output if there's nothing to care about).
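The reason the excludeContainerFromTunnel chain above never matches is the hook it is attached to: the output hook only sees packets generated by the host itself. Packets coming from the Docker bridge enter the host through the prerouting hook and are then forwarded, so a route-type output chain never gets a chance to mark them, and the unmarked packets fall into rule 32765 and the Mullvad table. The ruleset below is an added example (it is not the question's ruleset and not Mullvad's own configuration) that marks container-originated packets in prerouting, before the routing decision, reusing the two mark values from the question. The "route" chain type only exists for the output hook, so the chain is of type "filter"; the priority name "mangle" (-150) is assumed to be early enough to run before other marking rules on the host:

```nft
# Added example, not the original poster's ruleset. Marks packets that originate
# from the container subnet in prerouting (where forwarded traffic is seen),
# instead of output (which only carries locally generated packets).
define CONTAINER_IPS = {
    10.10.5.0/24,
}

table inet excludeContainer {
    chain markContainerTraffic {
        # "route" chains exist only for the output hook; prerouting uses "filter".
        # Priority "mangle" (-150) is an assumption: early enough to precede the
        # routing decision for forwarded packets.
        type filter hook prerouting priority mangle; policy accept;

        # Packets belonging to a connection that was already tagged in conntrack
        # (replies arriving on the uplink) get the same fwmark, so both directions
        # of a flow take the same routing decision.
        ct mark 0x00000f41 counter meta mark set 0x6d6f6c65

        # New packets from the container subnet: store the tag in conntrack and set
        # the packet mark so that rule 32765 ("not from all fwmark 0x6d6f6c65 lookup
        # 1836018789") is skipped and the main table (physical uplink) is used.
        ip saddr $CONTAINER_IPS counter ct mark set 0x00000f41 meta mark set 0x6d6f6c65
    }
}
```

Load it with nft -f and then check that the counters on both rules increase while the container generates traffic (nft list chain inet excludeContainer markContainerTraffic); a rule whose counter stays at zero is the quickest way to see that packets are not reaching the hook you expected. Two things this example does not cover and that need checking on the host: the container's packets still have to be source-NATed on the uplink (Docker normally installs a MASQUERADE rule for the bridge subnet, which is an assumption here), and Mullvad's own firewall chains may still filter forwarded traffic independently of the fwmark, which nft list ruleset will show. Unsolicited incoming connections to the container are a separate problem that marking alone does not solve.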