kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

moved some ipv6 config to setupIPForwarding

Browse source 
Signed-off-by: Benjamin Böhmke <benjamin@boehmke.net>
This commit is contained in:
Benjamin Böhmke 2020-07-19 16:07:22 +02:00
parent dfd1925ed1
commit 3475f006b7
3 changed files with 18 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
libnetwork/drivers/bridge/bridge.go
View file

@ -396,24 +396,20 @@ func (d *driver) configure(option map[string]interface{}) error {
logrus.Debugf("Recreating iptables chains on firewall reload") logrus.Debugf("Recreating iptables chains on firewall reload")
setupIPChains(config, iptables.IPv4) setupIPChains(config, iptables.IPv4)
}) })
iptables.OnReloaded(func() { if config.EnableIP6Tables {
logrus.Debugf("Recreating ip6tables chains on firewall reload") iptables.OnReloaded(func() {
setupIPChains(config, iptables.IPv6) logrus.Debugf("Recreating ip6tables chains on firewall reload")
}) setupIPChains(config, iptables.IPv6)
})
}
} }
if config.EnableIPForwarding { if config.EnableIPForwarding {
err = setupIPForwarding(config.EnableIPTables) err = setupIPForwarding(config.EnableIPTables, config.EnableIP6Tables)
if err != nil { if err != nil {
logrus.Warn(err) logrus.Warn(err)
return err return err
} }
if config.EnableIP6Tables {
iptable := iptables.GetIptable(iptables.IPv6)
if err := iptable.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil {
logrus.Warnf("Setting the default DROP policy on firewall reload failed, %v", err)
}
}
} }
d.Lock() d.Lock()

11
libnetwork/drivers/bridge/setup_ip_forwarding.go
View file

@ -21,7 +21,7 @@ func configureIPForwarding(enable bool) error {
return ioutil.WriteFile(ipv4ForwardConf, []byte{val, '\n'}, ipv4ForwardConfPerm) return ioutil.WriteFile(ipv4ForwardConf, []byte{val, '\n'}, ipv4ForwardConfPerm)
} }
func setupIPForwarding(enableIPTables bool) error { func setupIPForwarding(enableIPTables bool, enableIP6Tables bool) error {
// Get current IPv4 forward setup // Get current IPv4 forward setup
ipv4ForwardData, err := ioutil.ReadFile(ipv4ForwardConf) ipv4ForwardData, err := ioutil.ReadFile(ipv4ForwardConf)
if err != nil { if err != nil {
@ -53,5 +53,14 @@ func setupIPForwarding(enableIPTables bool) error {
} }
}) })
} }
// add only iptables rules - forwarding is handled by setupIPv6Forwarding in setup_ipv6
if enableIP6Tables {
iptable := iptables.GetIptable(iptables.IPv6)
if err := iptable.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil {
logrus.Warnf("Setting the default DROP policy on firewall reload failed, %v", err)
}
}
return nil return nil
} }

2
libnetwork/drivers/bridge/setup_ip_forwarding_test.go
View file

@ -17,7 +17,7 @@ func TestSetupIPForwarding(t *testing.T) {
} }
// Set IP Forwarding // Set IP Forwarding
if err := setupIPForwarding(true); err != nil { if err := setupIPForwarding(true, false); err != nil {
t.Fatalf("Failed to setup IP forwarding: %v", err) t.Fatalf("Failed to setup IP forwarding: %v", err)
} }