From f042605a426696ce469dec5143d6273b3285ef4e Mon Sep 17 00:00:00 2001 From: Arko Dasgupta Date: Fri, 11 Oct 2019 09:37:18 -0700 Subject: [PATCH] Revert "Merge pull request #2339 from phyber/iptables-check" This reverts commit 8d763337191e20e70f5d1ffd7ee576cbe5c39652, reversing changes made to bdd0b7bb401357d078e6dd384a09db6c971794c1. Signed-off-by: Arko Dasgupta --- libnetwork/firewall_linux.go | 34 ++-------------------------------- 1 file changed, 2 insertions(+), 32 deletions(-) diff --git a/libnetwork/firewall_linux.go b/libnetwork/firewall_linux.go index d27f60ca0c..54f9621f81 100644 --- a/libnetwork/firewall_linux.go +++ b/libnetwork/firewall_linux.go @@ -2,7 +2,6 @@ package libnetwork import ( "github.com/docker/libnetwork/iptables" - "github.com/docker/libnetwork/netlabel" "github.com/sirupsen/logrus" ) @@ -10,44 +9,15 @@ const userChain = "DOCKER-USER" func (c *controller) arrangeUserFilterRule() { c.Lock() - - if c.hasIPTablesEnabled() { - arrangeUserFilterRule() - } - + arrangeUserFilterRule() c.Unlock() - iptables.OnReloaded(func() { c.Lock() - - if c.hasIPTablesEnabled() { - arrangeUserFilterRule() - } - + arrangeUserFilterRule() c.Unlock() }) } -func (c *controller) hasIPTablesEnabled() bool { - // Locking c should be handled in the calling method. - if c.cfg == nil || c.cfg.Daemon.DriverCfg[netlabel.GenericData] == nil { - return false - } - - genericData, ok := c.cfg.Daemon.DriverCfg[netlabel.GenericData] - if !ok { - return false - } - - optMap := genericData.(map[string]interface{}) - enabled, ok := optMap["EnableIPTables"].(bool) - if !ok { - return false - } - - return enabled -} - // This chain allow users to configure firewall policies in a way that persists // docker operations/restarts. Docker will not delete or modify any pre-existing // rules from the DOCKER-USER filter chain.