kotovalexarian-likes-github
/
moby--moby
mirror of https://github.com/moby/moby.git
1
0
Fork 0
Code Releases Activity

Revert "Always configure iptables forward policy" 

Reverts 141b53c77a (PR #2450)

Fallout from changing the forwarding default policy to deny was greater than anticipated.

Signed-off-by: Euan Harris <euan.harris@docker.com>
This commit is contained in:
Euan Harris 2019-10-07 17:50:38 +01:00
parent 01f67061b5
commit 0ca676db49
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
libnetwork/drivers/bridge/setup_ip_forwarding.go
View File

@ -34,11 +34,11 @@ func setupIPForwarding(enableIPTables bool) error {
if err := configureIPForwarding(true); err != nil {
return fmt.Errorf("Enabling IP forwarding failed: %v", err)
}
}
// Set the default policy on forward chain to drop only if the
// daemon option iptables is not set to false.
if enableIPTables {
// When enabling ip_forward set the default policy on forward chain to
// drop only if the daemon option iptables is not set to false.
if !enableIPTables {
return nil
}
if err := iptables.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil {
if err := configureIPForwarding(false); err != nil {
logrus.Errorf("Disabling IP forwarding failed, %v", err)