Add network to iptables command

[ameir]

When running in some environments, e.g. Kubernetes, the iptables command can cause the CNI to have issues. In my case, both calico-typha and calico-node began to fail health checks once the original iptables command was executed. Adding the ocserv network to the command allowed it to work as expected.

[aminvakil]

Thanks for this PR, but local IP cannot be hardcoded in entrypoint.sh as one may change it cause of different needs they might have.

Could you please change it, so it reads ipv4-network from ocserv.conf and put it in a variable, and then use it?

[ameir]

Thanks for this PR, but local IP cannot be hardcoded in entrypoint.sh as one may change it cause of different needs they might have.

Could you please change it, so it reads ipv4-network from ocserv.conf and put it in a variable, and then use it?

This subnet is already hardcoded in two other places, so it doesn't seem very configurable as it stands. I can update it as you suggest, though; no problem.

$ fgrep -nr '192.168.99'
./Dockerfile:59:        && sed -i '/^ipv4-network = /{s/192.168.1.0/192.168.99.0/}' /etc/ocserv/ocserv.conf \
./routes.txt:2:route = 192.168.99.0/255.255.255.0

[ameir]

@aminvakil I've updated the PR to allow the network/netmask to be configurable (via env var). Please let me know if you have any questions/feedback.

[aminvakil]

Please fix the hadolint bug.

This will break some users if they had changed the IPs manually from routes.txt, but that would be wrong anyway.

I will put another commit changing the README.md, and putting a release note about this later.

[ameir]

@aminvakil I need to make a change actually; please hold on merging if you could, please. Thank you!

[aminvakil]

Sure.

[ameir]

I should have put the envsubst in the entrypoint so that users can supply the network params via env var at runtime and not need to rebuild the image. I just pushed the commit to make that happen. Thank you!

[aminvakil]

Thank you for doing this!