mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Merge pull request #41622 from bboehmke/ipv6_nat
IPv6 iptables config option
This commit is contained in:
commit
cf31b9622a
3 changed files with 6 additions and 0 deletions
|
@ -34,6 +34,7 @@ func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) error {
|
||||||
flags.BoolVar(&conf.EnableSelinuxSupport, "selinux-enabled", false, "Enable selinux support")
|
flags.BoolVar(&conf.EnableSelinuxSupport, "selinux-enabled", false, "Enable selinux support")
|
||||||
flags.Var(opts.NewNamedUlimitOpt("default-ulimits", &conf.Ulimits), "default-ulimit", "Default ulimits for containers")
|
flags.Var(opts.NewNamedUlimitOpt("default-ulimits", &conf.Ulimits), "default-ulimit", "Default ulimits for containers")
|
||||||
flags.BoolVar(&conf.BridgeConfig.EnableIPTables, "iptables", true, "Enable addition of iptables rules")
|
flags.BoolVar(&conf.BridgeConfig.EnableIPTables, "iptables", true, "Enable addition of iptables rules")
|
||||||
|
flags.BoolVar(&conf.BridgeConfig.EnableIP6Tables, "ip6tables", false, "Enable addition of ip6tables rules")
|
||||||
flags.BoolVar(&conf.BridgeConfig.EnableIPForward, "ip-forward", true, "Enable net.ipv4.ip_forward")
|
flags.BoolVar(&conf.BridgeConfig.EnableIPForward, "ip-forward", true, "Enable net.ipv4.ip_forward")
|
||||||
flags.BoolVar(&conf.BridgeConfig.EnableIPMasq, "ip-masq", true, "Enable IP masquerading")
|
flags.BoolVar(&conf.BridgeConfig.EnableIPMasq, "ip-masq", true, "Enable IP masquerading")
|
||||||
flags.BoolVar(&conf.BridgeConfig.EnableIPv6, "ipv6", false, "Enable IPv6 networking")
|
flags.BoolVar(&conf.BridgeConfig.EnableIPv6, "ipv6", false, "Enable IPv6 networking")
|
||||||
|
|
|
@ -54,6 +54,7 @@ type BridgeConfig struct {
|
||||||
// Fields below here are platform specific.
|
// Fields below here are platform specific.
|
||||||
EnableIPv6 bool `json:"ipv6,omitempty"`
|
EnableIPv6 bool `json:"ipv6,omitempty"`
|
||||||
EnableIPTables bool `json:"iptables,omitempty"`
|
EnableIPTables bool `json:"iptables,omitempty"`
|
||||||
|
EnableIP6Tables bool `json:"ip6tables,omitempty"`
|
||||||
EnableIPForward bool `json:"ip-forward,omitempty"`
|
EnableIPForward bool `json:"ip-forward,omitempty"`
|
||||||
EnableIPMasq bool `json:"ip-masq,omitempty"`
|
EnableIPMasq bool `json:"ip-masq,omitempty"`
|
||||||
EnableUserlandProxy bool `json:"userland-proxy,omitempty"`
|
EnableUserlandProxy bool `json:"userland-proxy,omitempty"`
|
||||||
|
|
|
@ -746,6 +746,9 @@ func verifyDaemonSettings(conf *config.Config) error {
|
||||||
if !conf.BridgeConfig.EnableIPTables && !conf.BridgeConfig.InterContainerCommunication {
|
if !conf.BridgeConfig.EnableIPTables && !conf.BridgeConfig.InterContainerCommunication {
|
||||||
return fmt.Errorf("You specified --iptables=false with --icc=false. ICC=false uses iptables to function. Please set --icc or --iptables to true")
|
return fmt.Errorf("You specified --iptables=false with --icc=false. ICC=false uses iptables to function. Please set --icc or --iptables to true")
|
||||||
}
|
}
|
||||||
|
if conf.BridgeConfig.EnableIP6Tables && !conf.Experimental {
|
||||||
|
return fmt.Errorf("ip6tables rules are only available if experimental features are enabled")
|
||||||
|
}
|
||||||
if !conf.BridgeConfig.EnableIPTables && conf.BridgeConfig.EnableIPMasq {
|
if !conf.BridgeConfig.EnableIPTables && conf.BridgeConfig.EnableIPMasq {
|
||||||
conf.BridgeConfig.EnableIPMasq = false
|
conf.BridgeConfig.EnableIPMasq = false
|
||||||
}
|
}
|
||||||
|
@ -911,6 +914,7 @@ func driverOptions(config *config.Config) []nwconfig.Option {
|
||||||
bridgeConfig := options.Generic{
|
bridgeConfig := options.Generic{
|
||||||
"EnableIPForwarding": config.BridgeConfig.EnableIPForward,
|
"EnableIPForwarding": config.BridgeConfig.EnableIPForward,
|
||||||
"EnableIPTables": config.BridgeConfig.EnableIPTables,
|
"EnableIPTables": config.BridgeConfig.EnableIPTables,
|
||||||
|
"EnableIP6Tables": config.BridgeConfig.EnableIP6Tables,
|
||||||
"EnableUserlandProxy": config.BridgeConfig.EnableUserlandProxy,
|
"EnableUserlandProxy": config.BridgeConfig.EnableUserlandProxy,
|
||||||
"UserlandProxyPath": config.BridgeConfig.UserlandProxyPath}
|
"UserlandProxyPath": config.BridgeConfig.UserlandProxyPath}
|
||||||
bridgeOption := options.Generic{netlabel.GenericData: bridgeConfig}
|
bridgeOption := options.Generic{netlabel.GenericData: bridgeConfig}
|
||||||
|
|
Loading…
Reference in a new issue