kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Add bidirectional iptables rule back to links

Browse source 
Fixes #4014
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This commit is contained in:
Michael Crosby 2014-02-09 01:43:46 -08:00
parent 8228e50581
commit 0cba91e264
1 changed files with 14 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
networkdriver/lxc/driver.go
View file

@ -172,7 +172,6 @@ func setupIPTables(addr net.Addr, icc bool) error {
iptables.Raw(append([]string{"-D"}, acceptArgs...)...) iptables.Raw(append([]string{"-D"}, acceptArgs...)...)
if !iptables.Exists(dropArgs...) { if !iptables.Exists(dropArgs...) {
utils.Debugf("Disable inter-container communication") utils.Debugf("Disable inter-container communication")
if output, err := iptables.Raw(append([]string{"-I"}, dropArgs...)...); err != nil { if output, err := iptables.Raw(append([]string{"-I"}, dropArgs...)...); err != nil {
return fmt.Errorf("Unable to prevent intercontainer communication: %s", err) return fmt.Errorf("Unable to prevent intercontainer communication: %s", err)
@ -470,6 +469,20 @@ func LinkContainers(job *engine.Job) engine.Status {
job.Errorf("Error toggle iptables forward: %s", output) job.Errorf("Error toggle iptables forward: %s", output)
return engine.StatusErr return engine.StatusErr
} }
if output, err := iptables.Raw(action, "FORWARD",
"-i", bridgeIface, "-o", bridgeIface,
"-p", proto,
"-s", childIP,
"--sport", port,
"-d", parentIP,
"-j", "ACCEPT"); !ignoreErrors && err != nil {
job.Error(err)
return engine.StatusErr
} else if len(output) != 0 {
job.Errorf("Error toggle iptables forward: %s", output)
return engine.StatusErr
}
} }
return engine.StatusOK return engine.StatusOK
} }