feat: migrate to nftables (#63)

Author: qoomon

Dockerfile

@@ -3,7 +3,7 @@ FROM alpine:3.20.1
 
 RUN apk --no-cache upgrade \
  && apk --no-cache add  \
-    iptables \
+    nftables \
     libcap
 
 COPY ./entrypoint.sh /

README.md

@@ -68,11 +68,11 @@ These examples will send messages from docker container to docker host with `net
 ### Preparation
 Start `netcat` server **TCP** on port `2323` to receive and display messages
 ```sh
-nc -p 2323 -lk
+nc -lk 2323
 ```
 Start `netcat` server **UDP** on port `5353` to receive and display messages
 ```sh
-nc -p 5353 -lk -u
+nc -lk 5353 -u
 ```   
 
 ## Docker Link

entrypoint.sh

@@ -69,22 +69,24 @@ echo "Docker Host: $docker_host_ip ($docker_host_source)"
 PORTS="${PORTS:-"1-65535"}"
 PORTS="$(echo ${PORTS//,/ })"
 
+nft add table nat
+nft add chain nat prerouting  { type nat hook prerouting  priority -100 \; }
+nft add chain nat postrouting { type nat hook postrouting priority  100 \; }
+
 echo "Forwarding ports: ${PORTS// /, }"
 for forwarding_port in $PORTS
 do
   docker_container_port="${forwarding_port%%:*}"
   docker_host_port="${forwarding_port#*:}"
+  
+  nft add rule nat prerouting tcp \
+    dport "${docker_container_port}" dnat to "$docker_host_ip:$docker_host_port"
+  nft add rule nat prerouting udp \
+    dport "${docker_container_port}" dnat to "$docker_host_ip:$docker_host_port"
 
-  iptables --table nat --insert PREROUTING \
-    --protocol tcp --destination-port "${docker_container_port/-/:}" \
-    --jump DNAT --to-destination "$docker_host_ip:$docker_host_port"
-
-  iptables --table nat --insert PREROUTING \
-    --protocol udp --destination-port "${docker_container_port/-/:}" \
-    --jump DNAT --to-destination "$docker_host_ip:$docker_host_port"
 done
 
-iptables --table nat --insert POSTROUTING --jump MASQUERADE
+nft add rule nat postrouting masquerade
 
 # --- Drop root access and "Ah, ha, ha, ha, stayin' alive" ---------------------