I access my seedbox via Tailscale-only (all other external traffic is firewalled).
On that machine, I use the docker-compose project which routes all container traffic through Wireguard container (network_mode: service:wireguard), all that works fine.
The problem arises when I up/down containers after a config change, when Wireguard container restarts, it probably does something with iptables which makes me lose connectivity to any of my container web UIs that I access via Tailscale.
This is what the container does on exit: https://i.imgur.com/4C8EL3V.png
Is there a way to prevent it from messing up with iptables rules that impact Tailscale?