default DROP policy on firewall reload also for IPv6

Signed-off-by: Benjamin Böhmke <benjamin@boehmke.net>
2020-07-20 19:56:34 +02:00 · 2020-07-20 19:56:34 +02:00 · 9cf5335269
parent ec7df93731
commit 9cf5335269
1 changed files with 6 additions and 0 deletions
--- a/libnetwork/drivers/bridge/setup_ip_forwarding.go
+++ b/libnetwork/drivers/bridge/setup_ip_forwarding.go
@ -60,6 +60,12 @@ func setupIPForwarding(enableIPTables bool, enableIP6Tables bool) error {
 		if err := iptable.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil {
 			logrus.Warnf("Setting the default DROP policy on firewall reload failed, %v", err)
 		}
+		iptables.OnReloaded(func() {
+			logrus.Debug("Setting the default DROP policy on firewall reload")
+			if err := iptable.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil {
+				logrus.Warnf("Setting the default DROP policy on firewall reload failed, %v", err)
+			}
+		})
 	}

 	return nil