Releases: newsnowlabs/docker-ingress-routing-daemon

Support for iptables '--wait' and improved systemd/journald logging

18 Jan 21:56

This release:

  1. Adds support for calling iptables' --wait and --wait-seconds options, using the new --iptables-wait and --iptables-wait-seconds options respectively
  2. Adds automatic detection of systemd/journald logging and improved logging in this scenario (thanks to @riton)
  3. Removes limitation that the ingress network cannot be >/24
  4. Documents the automated testing procedure using RunCVM
  5. Minor bugfixes and documentation improvements

Full changelog:

2e8d92b Document automated testing procedure
b7f58db Support for calling iptables' --wait and --wait-seconds options
0676caf Bump minor version and fix formatting for consistency
0df1c86 Adapt log format if journald is detected
54bde9c Updated usage to better explain the service and port whitelisting options
0281837 Updated README.md
d999aae Corrected abbreviated name 'dind' to 'dird'
8b35154 Add instructions for installing the example systemd unit
7a9dfa2 Updated script permissions to 755
747e53d Explicitly inspect network ingress
f761a8d Remove limitation that the ingress network cannot be >/24

Docker Ingress Routing Daemon v4.1.0: Support for ingress networks > /24 and preexisting containers

17 Mar 13:57

This major release introduces:

  1. Autodetection of and full support for ingress networks larger than /24, using sequential IDs for load balancer nodes (this mode may be forced using the --indexed-ids option)
  2. Support for installing routing rules on preexisting running containers, using the --preexisting option (thanks @markfqs)
  3. Improved logging
  4. Example DIND systemd unit

Correctly restore connection mark for UDP traffic, to allow e.g. DNS services to work

04 Sep 12:13

DIND <= v3.2.0 did not correctly handle UDP protocol services, due to an oversight in application of connection tracking rules, and insufficient testing.

This release correctly restores the connection mark for UDP traffic, which allows e.g. DNS services to work.

Upgrade to v3.3.0 is necessary for using DIND with UDP services like DNS.

Fix serious launch issue preventing DIND shutdown when dockerd not running

24 Aug 14:41

Due to a couple of missing spaces, the launch-time checks that dockerd is up and running did not work correctly. As a result, DIND could launch and begin polling for container launches without having properly configured iptables and the other settings it needs to configure.

This could cause a serious outage if dockerd is restarted on a node.

Upgrade to v3.2.0 highly recommended.

Enable 'loose' rp_filter on container ingress network interface

06 Mar 22:56

Resolution to issue #4.

On recent kernels (e.g. the 4.19.0-14-cloud-amd64 kernel that comes with the Google Compute Debian Buster image) the rp_filter sysctl value is set by default to 1 on all interfaces (and therefore on the ingress network interface) inside all launched containers. This prevents reverse path packets from being correctly processed by the networking stack.

This release ensures rp_filter will be set to 2 - loose mode - on the ingress network interface inside all launched containers managed by the daemon.
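
To check the result from inside a container's network namespace, the following added example (not part of the daemon or these release notes) reports the effective rp_filter mode of an interface. It relies on the kernel rule that the larger of conf/all/rp_filter and conf/<iface>/rp_filter is applied; the interface names eth0 and eth1 and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: effective rp_filter mode of an interface.
# Linux applies max(conf/all/rp_filter, conf/<iface>/rp_filter) when
# validating the source address of packets arriving on <iface>.

CONF_ROOT_DEFAULT=/proc/sys/net/ipv4/conf

# effective_rp_filter IFACE [CONF_ROOT] -> prints 0, 1 or 2
effective_rp_filter() {
    iface=$1
    root=${2:-$CONF_ROOT_DEFAULT}
    [ -r "$root/all/rp_filter" ] && [ -r "$root/$iface/rp_filter" ] || return 2
    all=$(cat "$root/all/rp_filter")
    own=$(cat "$root/$iface/rp_filter")
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# rp_filter_mode IFACE [CONF_ROOT] -> prints off | strict | loose | unknown
rp_filter_mode() {
    value=$(effective_rp_filter "$@") || { echo unknown; return 2; }
    case $value in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo unknown; return 2 ;;
    esac
}

# Constructed sample tree (not real host state): 'all' is 1, eth0 is left
# at the default 1, eth1 has been set to 2 as the release note describes.
make_sample_tree() {
    dir=$(mktemp -d)
    for i in all eth0 eth1; do mkdir -p "$dir/$i"; done
    echo 1 > "$dir/all/rp_filter"
    echo 1 > "$dir/eth0/rp_filter"
    echo 2 > "$dir/eth1/rp_filter"
    echo "$dir"
}

sample=$(make_sample_tree)
for i in eth0 eth1; do
    echo "$i: $(rp_filter_mode "$i" "$sample")"
done
rm -rf "$sample"
```

Because the larger value wins, setting 2 on the interface gives loose mode even while conf/all stays at 1, whereas setting 0 on the interface alone would leave it strict.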

Docker Ingress Routing Daemon v3.0.1

18 Feb 20:42

v3.0.1: Bugfix parsing of --ingress-gateway-ips

Docker Ingress Routing Daemon v3.0.0

15 Feb 22:47

New functionality and command line arguments:

               --services <services>  - service names to disable masquerading for
               --tcp-ports <ports>    - TCP ports to disable masquerading for
               --udp-ports <ports>    - UDP ports to disable masquerading for
       --ingress-gateway-ips <ips>    - specify load-balance ingress IPs
                  --no-performance    - disable performance optimisations