Merge pull request #46245 from thaJeztah/firewalld_dont_fail_on_removal

libnetwork/iptables: ProgramChain: don't fail if interface not found
2023-08-23 19:58:18 +02:00 · 2023-08-23 19:58:18 +02:00 · 0e3b2ec267
commit 0e3b2ec267
parent 53afd2ae9f 513063bcf9
2 changed files with 7 additions and 2 deletions
--- a/libnetwork/iptables/firewalld.go
+++ b/libnetwork/iptables/firewalld.go
@ -273,7 +273,7 @@ func DelInterfaceFirewalld(intf string) error {
 	}
 	// Remove interface if it exists
 	if !contains(intfs, intf) {
-		return fmt.Errorf("Firewalld: unable to find interface %s in %s zone", intf, dockerZone)
+		return &interfaceNotFound{fmt.Errorf("firewalld: interface %q not found in %s zone", intf, dockerZone)}
 	}

 	log.G(context.TODO()).Debugf("Firewalld: removing %s interface from %s zone", intf, dockerZone)
@ -284,6 +284,10 @@ func DelInterfaceFirewalld(intf string) error {
 	return nil
 }

+type interfaceNotFound struct{ error }
+
+func (interfaceNotFound) NotFound() {}
+
 func contains(list []string, val string) bool {
 	for _, v := range list {
 		if v == val {
--- a/libnetwork/iptables/iptables.go
+++ b/libnetwork/iptables/iptables.go
@ -15,6 +15,7 @@ import (
 	"time"

 	"github.com/containerd/containerd/log"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/rootless"
 )

@ -209,7 +210,7 @@ func (iptable IPTable) ProgramChain(c *ChainInfo, bridgeName string, hairpinMode
 				return err
 			}
 		} else {
-			if err := DelInterfaceFirewalld(bridgeName); err != nil {
+			if err := DelInterfaceFirewalld(bridgeName); err != nil && !errdefs.IsNotFound(err) {
 				return err
 			}
 		}