vor 6 Jahren · 301a7724fb
--- a/libnetwork/controller.go
+++ b/libnetwork/controller.go
@@ -679,29 +679,6 @@ func (c *controller) isAgent() bool {
 
				 	return c.cfg.Daemon.ClusterProvider.IsAgent()
			
 
				 }
			
 
				 
			
 
				-func (c *controller) hasIPTablesEnabled() bool {
			
 
				-	c.Lock()
			
 
				-	defer c.Unlock()
			
 
				-
			
 
				-	if c.cfg == nil || c.cfg.Daemon.DriverCfg[netlabel.GenericData] == nil {
			
 
				-		return false
			
 
				-	}
			
 
				-
			
 
				-	genericData, ok := c.cfg.Daemon.DriverCfg[netlabel.GenericData]
			
 
				-	if !ok {
			
 
				-		return false
			
 
				-	}
			
 
				-
			
 
				-	optMap := genericData.(map[string]interface{})
			
 
				-
			
 
				-	enabled, ok := optMap["EnableIPTables"].(bool)
			
 
				-	if !ok {
			
 
				-		return false
			
 
				-	}
			
 
				-
			
 
				-	return enabled
			
 
				-}
			
 
				-
			
 
				 func (c *controller) isDistributedControl() bool {
			
 
				 	return !c.isManager() && !c.isAgent()
			
 
				 }
			
@@ -925,9 +902,7 @@ addToStore:
 
				 		c.Unlock()
			
 
				 	}
			
 
				 
			
 
				-	if c.hasIPTablesEnabled() {
			
 
				-		c.arrangeUserFilterRule()
			
 
				-	}
			
 
				+	c.arrangeUserFilterRule()
			
 
				 
			
 
				 	return network, nil
			
 
				 }
			
--- a/libnetwork/firewall_linux.go
+++ b/libnetwork/firewall_linux.go
@@ -2,6 +2,7 @@ package libnetwork
 
				 
			
 
				 import (
			
 
				 	"github.com/docker/libnetwork/iptables"
			
 
				+	"github.com/docker/libnetwork/netlabel"
			
 
				 	"github.com/sirupsen/logrus"
			
 
				 )
			
 
				 
			
@@ -9,15 +10,44 @@ const userChain = "DOCKER-USER"
 
				 
			
 
				 func (c *controller) arrangeUserFilterRule() {
			
 
				 	c.Lock()
			
 
				-	arrangeUserFilterRule()
			
 
				+
			
 
				+	if c.hasIPTablesEnabled() {
			
 
				+		arrangeUserFilterRule()
			
 
				+	}
			
 
				+
			
 
				 	c.Unlock()
			
 
				+
			
 
				 	iptables.OnReloaded(func() {
			
 
				 		c.Lock()
			
 
				-		arrangeUserFilterRule()
			
 
				+
			
 
				+		if c.hasIPTablesEnabled() {
			
 
				+			arrangeUserFilterRule()
			
 
				+		}
			
 
				+
			
 
				 		c.Unlock()
			
 
				 	})
			
 
				 }
			
 
				 
			
 
				+func (c *controller) hasIPTablesEnabled() bool {
			
 
				+	// Locking c should be handled in the calling method.
			
 
				+	if c.cfg == nil || c.cfg.Daemon.DriverCfg[netlabel.GenericData] == nil {
			
 
				+		return false
			
 
				+	}
			
 
				+
			
 
				+	genericData, ok := c.cfg.Daemon.DriverCfg[netlabel.GenericData]
			
 
				+	if !ok {
			
 
				+		return false
			
 
				+	}
			
 
				+
			
 
				+	optMap := genericData.(map[string]interface{})
			
 
				+	enabled, ok := optMap["EnableIPTables"].(bool)
			
 
				+	if !ok {
			
 
				+		return false
			
 
				+	}
			
 
				+
			
 
				+	return enabled
			
 
				+}
			
 
				+
			
 
				 // This chain allow users to configure firewall policies in a way that persists
			
 
				 // docker operations/restarts. Docker will not delete or modify any pre-existing
			
 
				 // rules from the DOCKER-USER filter chain.