We just started to use headscale server with tailscale clients to create a wireguard mesh network between VM nodes. It would be great to be able to easily publish Docker container ports only on those internal IPs.
But it seems publishing ports is only possible with fixed IPs, not with subnet masks, which could be used to automatically select the matching IP(s).
Example:
```yaml
services:
  db:
    image: postgres
    restart: unless-stopped
    ports:
      # wished-for syntax: a subnet in place of a fixed host IP
      - 100.64.0.0/10:5432:5432
    environment:
      POSTGRES_PASSWORD: example
```
It seems more and more wireguard VPNs are used, and many more services besides tailscale/headscale exist nowadays; this could be an important use case for the future.
Where is the right place to create a feature request for this?
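
The subnet-to-address selection asked for above can be done on the host before the container starts, so the port is bound to the mesh address only and not to every interface. The following is an added example, not part of the original post and not Docker's own code: the function names are hypothetical and the `ip -o -4 addr show` output is a constructed sample.

```shell
#!/bin/sh
# Added example: resolve a CIDR to the host's matching address(es) so a port
# can be published on the mesh IP only. Function names are hypothetical.

# Constructed sample of `ip -o -4 addr show` output (not from a real host).
SAMPLE_IP_OUTPUT='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0\       valid_lft forever preferred_lft forever
3: tailscale0    inet 100.64.0.3/32 scope global tailscale0\       valid_lft forever preferred_lft forever'

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/PREFIX: succeed if IP lies inside the network.
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# port_mappings NET/PREFIX HOSTPORT CONTAINERPORT: read `ip -o -4 addr show`
# output on stdin, print one IP:HOSTPORT:CONTAINERPORT per matching address.
port_mappings() {
    while read -r _idx _ifname _fam addr _rest; do
        [ -n "$addr" ] || continue      # skip blank lines
        ip=${addr%/*}                   # drop the /prefix of the local address
        if in_cidr "$ip" "$1"; then
            echo "$ip:$2:$3"
        fi
    done
}

# Demo on the constructed sample; on a real host pipe in `ip -o -4 addr show`.
printf '%s\n' "$SAMPLE_IP_OUTPUT" | port_mappings 100.64.0.0/10 5432 5432
```

Each printed mapping has the `IP:HOSTPORT:CONTAINERPORT` form that `docker run -p` and a Compose `ports:` entry accept. The address has to exist on the host when the container starts, so the VPN interface must be up first.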