Honor --iptables=false in bridge
- When the flag is false, do not program the chains and also do not perform any cleanup
Signed-off-by: Alessandro Boch <aboch@docker.com>
parent
ad14618fc0
commit
b8d2ac9b65
|
@ -135,7 +135,7 @@ func Init(dc driverapi.DriverCallback, config map[string]interface{}) error {
|
||||||
if err := iptables.FirewalldInit(); err != nil {
|
if err := iptables.FirewalldInit(); err != nil {
|
||||||
logrus.Debugf("Fail to initialize firewalld: %v, using raw iptables instead", err)
|
logrus.Debugf("Fail to initialize firewalld: %v, using raw iptables instead", err)
|
||||||
}
|
}
|
||||||
removeIPChains()
|
|
||||||
d := newDriver()
|
d := newDriver()
|
||||||
if err := d.configure(config); err != nil {
|
if err := d.configure(config); err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -378,6 +378,7 @@ func (d *driver) configure(option map[string]interface{}) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
if config.EnableIPTables {
|
if config.EnableIPTables {
|
||||||
|
removeIPChains()
|
||||||
natChain, filterChain, isolationChain, err = setupIPChains(config)
|
natChain, filterChain, isolationChain, err = setupIPChains(config)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
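Review bot: Moving `removeIPChains()` under `if config.EnableIPTables` in `configure` means a daemon restarted with `--iptables=false`, after an earlier run with it enabled, leaves that run's chains and rules in place, and nothing on this path records that. This is the behaviour the commit message asks for, but leftover NAT and filter rules may keep forwarding or isolating traffic in ways the operator no longer expects, so the decision should be stated where it is made. I would add a comment above the call: `// With --iptables=false we neither program nor clean up chains; rules left by an earlier run stay in place and are the operator's to manage.` The body of `configure` starts before and continues after this hunk, so how `err` and the chain variables are used afterwards is not visible here.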
|
||||||
|
|
|
@ -817,12 +817,6 @@ func TestSetDefaultGw(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
type fakeCallBack struct{}
|
|
||||||
|
|
||||||
func (cb fakeCallBack) RegisterDriver(name string, driver driverapi.Driver, capability driverapi.Capability) error {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestCleanupIptableRules(t *testing.T) {
|
func TestCleanupIptableRules(t *testing.T) {
|
||||||
defer testutils.SetupTestOSContext(t)()
|
defer testutils.SetupTestOSContext(t)()
|
||||||
bridgeChain := []iptables.ChainInfo{
|
bridgeChain := []iptables.ChainInfo{
|
||||||
|
@ -838,7 +832,7 @@ func TestCleanupIptableRules(t *testing.T) {
|
||||||
t.Fatalf("iptables chain %s of %s table should have been created", chainInfo.Name, chainInfo.Table)
|
t.Fatalf("iptables chain %s of %s table should have been created", chainInfo.Name, chainInfo.Table)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Init(fakeCallBack{}, make(map[string]interface{}))
|
removeIPChains()
|
||||||
for _, chainInfo := range bridgeChain {
|
for _, chainInfo := range bridgeChain {
|
||||||
if iptables.ExistChain(chainInfo.Name, chainInfo.Table) {
|
if iptables.ExistChain(chainInfo.Name, chainInfo.Table) {
|
||||||
t.Fatalf("iptables chain %s of %s table should have been deleted", chainInfo.Name, chainInfo.Table)
|
t.Fatalf("iptables chain %s of %s table should have been deleted", chainInfo.Name, chainInfo.Table)
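Review bot: `TestCleanupIptableRules` now calls `removeIPChains()` directly, so nothing in these hunks tests what the commit changes: that `configure` leaves existing chains alone when `EnableIPTables` is false and still clears them when it is true. I would add a test that creates the chains as this test does, runs the driver's `configure` with iptables disabled, and asserts that `iptables.ExistChain(chainInfo.Name, chainInfo.Table)` is still true for each entry in `bridgeChain`. How the option map is built is outside these hunks, so I have not sketched that part. Removing `fakeCallBack` is safe only if no other test in the file uses it, which cannot be seen here.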
|
||||||
|
|