From 0cba91e26447e14260f111bef6d3745d2dd55444 Mon Sep 17 00:00:00 2001
From: Michael Crosby
Date: Sun, 9 Feb 2014 01:43:46 -0800
Subject: [PATCH] Add bidirectional iptables rule back to links

Fixes #4014
Docker-DCO-1.1-Signed-off-by: Michael Crosby (github: crosbymichael)
---
 networkdriver/lxc/driver.go | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/networkdriver/lxc/driver.go b/networkdriver/lxc/driver.go
index 3f9c0af011..0bc24b91b6 100644
--- a/networkdriver/lxc/driver.go
+++ b/networkdriver/lxc/driver.go
@@ -172,7 +172,6 @@ func setupIPTables(addr net.Addr, icc bool) error {
 iptables.Raw(append([]string{"-D"}, acceptArgs...)...)
 if !iptables.Exists(dropArgs...) {
- utils.Debugf("Disable inter-container communication")
 if output, err := iptables.Raw(append([]string{"-I"}, dropArgs...)...); err != nil {
 return fmt.Errorf("Unable to prevent intercontainer communication: %s", err)
@@ -470,6 +469,20 @@ func LinkContainers(job *engine.Job) engine.Status {
 job.Errorf("Error toggle iptables forward: %s", output)
 return engine.StatusErr
 }
+
+ if output, err := iptables.Raw(action, "FORWARD",
+ "-i", bridgeIface, "-o", bridgeIface,
+ "-p", proto,
+ "-s", childIP,
+ "--sport", port,
+ "-d", parentIP,
+ "-j", "ACCEPT"); !ignoreErrors && err != nil {
+ job.Error(err)
+ return engine.StatusErr
+ } else if len(output) != 0 {
+ job.Errorf("Error toggle iptables forward: %s", output)
+ return engine.StatusErr
+ }
 }
 return engine.StatusOK
 }
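Review bot: The return-path rule added in LinkContainers matches only on `"-s", childIP, "--sport", port, "-d", parentIP`, so it accepts any packet the child sends from that source port to any destination port on the parent, regardless of connection state, which is wider than reply traffic for the link. If replies are the intent, consider limiting the rule to tracked connections by adding `"-m", "conntrack", "--ctstate", "ESTABLISHED",` before `"-j", "ACCEPT"`, assuming that match is available on the supported hosts. Separately, with `ignoreErrors` set the `else if len(output) != 0` branch still returns `engine.StatusErr`, and its message "Error toggle iptables forward" is identical to the one in the context lines above, so a failure of this rule cannot be told apart in the job output; a distinct message such as `job.Errorf("Error toggle iptables forward (return path): %s", output)` would help. A failure here also appears to return without undoing the rule handled just above, though that call is outside the hunk. LinkContainers begins outside this hunk, so how `action` and `ignoreErrors` are set is not visible here.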