From 8c23523c888464940c636ec39f721eed1d727df8 Mon Sep 17 00:00:00 2001
From: Danish Prakash
Date: Tue, 28 Oct 2025 22:50:19 +0530
Subject: [PATCH] common: add support for `default_host_ips` in containers.conf

This adds support for configuring default host IPs via containers.conf to bind published container ports to when no host IP is explicitly specified (e.g. -p 8000:8000). If multiple IPs are specified, separate port mapping for each of the specified IP would be created. For instance, setting this to `["127.0.0.1", "::1"]` and port specified as `-p 8080:80` will result into two port mappings in podman-- `127.0.0.1:8080:80` and `[::1]:8080:80`. Note that explicit host IP still overrides the default option set in containers.conf. Refers https://github.com/containers/podman/issues/27186
Signed-off-by: Danish Prakash
---
common/docs/containers.conf.5.md | 11 +++++++++++
common/pkg/config/config.go | 7 +++++++
common/pkg/config/containers.conf | 10 ++++++++++
common/pkg/config/containers.conf-freebsd | 10 ++++++++++
4 files changed, 38 insertions(+)

diff --git a/common/docs/containers.conf.5.md b/common/docs/containers.conf.5.md
index a7f233709c..477946ec3d 100644
--- a/common/docs/containers.conf.5.md
+++ b/common/docs/containers.conf.5.md
@@ -525,6 +525,17 @@ run on the machine.
 A list of default pasta options that should be used running pasta.
 It accepts the pasta cli options, see pasta(1) for the full list of options.
 
+**default_host_ips**=[]
+
+The default host IPs to bind published container ports to when no host IP
+is explicitly specified in the `-p` flag (e.g., `-p 8000:8000`). If empty, the default
+behavior is to bind to all network interfaces (`0.0.0.0`). If multiple IPs are specified,
+separate port mapping for each of the specified IP would be created. For instance, setting
+this to `["127.0.0.1", "::1"]` and port specified as `-p 8080:80` will result into two
+port mappings in podman--`127.0.0.1:8080:80` and `[::1]:8080:80`.
+Note that explicitly specifying a host IP in the `-p` flag (e.g., `-p 192.168.1.10:8000:8000`)
+will always override this default.
+
 ## ENGINE TABLE
 The `engine` table contains configuration options used to set up container engines such as Podman and Buildah.
 
diff --git a/common/pkg/config/config.go b/common/pkg/config/config.go
index 8bc23deba1..8718596825 100644
--- a/common/pkg/config/config.go
+++ b/common/pkg/config/config.go
@@ -634,6 +634,13 @@ type NetworkConfig struct {
 // PastaOptions contains a default list of pasta(1) options that should
 // be used when running pasta.
 PastaOptions attributedstring.Slice `toml:"pasta_options,omitempty"`
+
+ // DefaultHostIPs is the default host IPs to bind published container ports
+ // to when no host IP is explicitly specified in the -p flag (e.g., -p 80:80).
+ // If empty, the default behavior is to bind to all interfaces (0.0.0.0).
+ // If multiple IPs are specified, separate port mapping for each of the specified
+ // IP would be created.
+ DefaultHostIPs []string `toml:"default_host_ips,omitempty"`
 }
 
 type SubnetPool struct {
diff --git a/common/pkg/config/containers.conf b/common/pkg/config/containers.conf
index 2e392d048e..06a3225657 100644
--- a/common/pkg/config/containers.conf
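Review bot: `DefaultHostIPs` is added as a free-form `[]string` and nothing in this hunk checks that each entry is an IP address, so a typo or an empty string in `default_host_ips` would be handed to the port-mapping code as-is. Because operators will set this to keep published ports off external interfaces, a bad value should fail config loading instead of risking a fallback to all interfaces; if the config validation outside this hunk does not already do so, reject entries where `net.ParseIP(ip) == nil` and name the offending value in the error. The neighbouring `PastaOptions` is an `attributedstring.Slice` while this field is not, so it is worth saying in the doc comment whether a later drop-in file is meant to replace the list rather than extend it. The `NetworkConfig` struct begins above the hunk.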
+++ b/common/pkg/config/containers.conf
@@ -445,6 +445,16 @@ default_sysctls = [
 #
 #pasta_options = []
 
+# The default host IPs to bind published container ports to when no host IP
+# is explicitly specified in the -p flag (e.g., -p 8000:8000). If empty, the default
+# behavior is to bind to all network interfaces (0.0.0.0). If multiple IPs are specified,
+# separate port mapping for each of the specified IP would be created. For instance, setting
+# this to ["127.0.0.1", "::1"] and port specified as -p 8080:80 will result into two
+# port mappings in podman--127.0.0.1:8080:80 and [::1]:8080:80.
+# Note that explicitly specifying a host IP via -p will always override this.
+#
+#default_host_ips = []
+
 [engine]
 # Index to the active service
 #
diff --git a/common/pkg/config/containers.conf-freebsd b/common/pkg/config/containers.conf-freebsd
index bd999c339c..8d4e46f618 100644
--- a/common/pkg/config/containers.conf-freebsd
+++ b/common/pkg/config/containers.conf-freebsd
@@ -335,6 +335,16 @@ default_sysctls = [
 #
 #network_config_dir = "/usr/local/etc/cni/net.d/"
 
+# The default host IPs to bind published container ports to when no host IP
+# is explicitly specified in the -p flag (e.g., -p 8000:8000). If empty, the default
+# behavior is to bind to all network interfaces (0.0.0.0). If multiple IPs are specified,
+# separate port mapping for each of the specified IP would be created. For instance, setting
+# this to ["127.0.0.1", "::1"] and port specified as -p 8080:80 will result into two
+# port mappings in podman--127.0.0.1:8080:80 and [::1]:8080:80.
+# Note that explicitly specifying a host IP via -p will always override this.
+#
+#default_host_ips = []
+
 [engine]
 # Index to the active service
 #
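Review bot: The comment block above `#default_host_ips = []` describes the unset default only as binding to `0.0.0.0`, which does not say whether the IPv6 wildcard is included or what happens to IPv6 publishing when only an IPv4 address such as `127.0.0.1` is listed. Since this option is how an operator restricts published ports to loopback or a single interface, the text should spell that out, for example `# Ports are published only on the listed addresses; list an IPv6 address as well if IPv6 access is wanted.` if that matches the implementation. The same wording is repeated in the containers.conf-freebsd hunk that follows and in the containers.conf.5.md hunk.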