Lukas c56e0f507d fix(vpn): fix DNS iptables rules and add NET_RAW cap ...

DNS OUTPUT was restricted to -o wg0, but routing decision happens
after iptables OUTPUT — so DNS to VPN-internal addresses (198.18.0.x)
was blocked before the kernel selected the outgoing interface.
Allow DNS unconditionally; routing still sends it through wg0.

Add NET_RAW capability so ping works inside the container.

2026-05-17 18:31:38 +02:00

1.0 KiB

Raw Blame History

View Raw