Responses to #35:

1. Revises `docker run` example:
   * places container in host mode
   * runs container detached (so it does not appear to stall)
   * passes the user and group IDs for the local user (so persistent
     storage is owned by the local user)
   * changes default mechanism for net-filter rules to `iptables-nft`
   * places image reference on a separate line
2. Revises `docker compose` service definition:
   * removes deprecated `version` clause, substituting the
     "here comes YAML" `---` signature
   * changes default mechanism for net-filter rules to `iptables-nft`
3. Re-writes explanation of `ZEROTIER_ONE_USE_IPTABLES_NFT` to make it
   clear that `true` is usually the correct option for all implementations
   (not just Raspberry Pi). Also adds explicit test to confirm that the
   container's net-filters are getting into the host's tables.

Opportunistic changes:

1. Updates URLs for ZeroTier Knowledge Base article (avoids redirects
   when following those links).
2. Clarifies that it is the ZeroTier Knowledge Base article which
   implements a half-router, and summarises the additional capabilities
   of `zerotier-router`.
3. Adds cross-reference to IOTstack documentation (IMO this is more
   comprehensive than anything in the ZeroTier Knowledge Base).
4. Removes extraneous `0x09` characters.

Fixes #35
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>

Adds `ZEROTIER_ONE_GATEWAY_MODE` variable. Supported values are
`inbound` (forward traffic from ZeroTier cloud to local interfaces),
`outbound` (forward traffic from local interfaces to ZeroTier cloud)
and `both` (bi-directional). Defaults to `inbound`.

Also checks for `net.ipv4.ip_forward=1`. If not enabled, falls back
to standard client mode.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>