We use cookies to ensure you get the best experience on our website
Inicio Explorar Ayuda
Registro Iniciar sesión
0ct0pu5
/
moby
1
0
Fork 0
Archivos Incidencias 0 Pull Requests 0 Wiki
Explorar el Código

moved some ipv6 config to setupIPForwarding

Signed-off-by: Benjamin Böhmke <benjamin@boehmke.net>
Benjamin Böhmke hace 5 años
padre
dfd1925ed1
commit
3475f006b7
Se han modificado 3 ficheros con 18 adiciones y 13 borrados
Dividir vista Mostrar estadísticas de diff
  1. 7 11
      libnetwork/drivers/bridge/bridge.go
  2. 10 1
      libnetwork/drivers/bridge/setup_ip_forwarding.go
  3. 1 1
      libnetwork/drivers/bridge/setup_ip_forwarding_test.go

+ 7 - 11
libnetwork/drivers/bridge/bridge.go
Ver fichero 

@@ -396,24 +396,20 @@ func (d *driver) configure(option map[string]interface{}) error {
 
 			logrus.Debugf("Recreating iptables chains on firewall reload")
 
 			setupIPChains(config, iptables.IPv4)
 
 		})
 
-		iptables.OnReloaded(func() {
 
-			logrus.Debugf("Recreating ip6tables chains on firewall reload")
 
-			setupIPChains(config, iptables.IPv6)
 
-		})
 
+		if config.EnableIP6Tables {
 
+			iptables.OnReloaded(func() {
 
+				logrus.Debugf("Recreating ip6tables chains on firewall reload")
 
+				setupIPChains(config, iptables.IPv6)
 
+			})
 
+		}
 
 	}
 
 
 	if config.EnableIPForwarding {
 
-		err = setupIPForwarding(config.EnableIPTables)
 
+		err = setupIPForwarding(config.EnableIPTables, config.EnableIP6Tables)
 
 		if err != nil {
 
 			logrus.Warn(err)
 
 			return err
 
 		}
 
-		if config.EnableIP6Tables {
 
-			iptable := iptables.GetIptable(iptables.IPv6)
 
-			if err := iptable.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil {
 
-				logrus.Warnf("Setting the default DROP policy on firewall reload failed, %v", err)
 
-			}
 
-		}
 
 	}
 
 
 	d.Lock()

+ 10 - 1
libnetwork/drivers/bridge/setup_ip_forwarding.go
Ver fichero 

@@ -21,7 +21,7 @@ func configureIPForwarding(enable bool) error {
 
 	return ioutil.WriteFile(ipv4ForwardConf, []byte{val, '\n'}, ipv4ForwardConfPerm)
 
 }
 
 
-func setupIPForwarding(enableIPTables bool) error {
 
+func setupIPForwarding(enableIPTables bool, enableIP6Tables bool) error {
 
 	// Get current IPv4 forward setup
 
 	ipv4ForwardData, err := ioutil.ReadFile(ipv4ForwardConf)
 
 	if err != nil {
 
@@ -53,5 +53,14 @@ func setupIPForwarding(enableIPTables bool) error {
 
 			}
 
 		})
 
 	}
 
+
 
+	// add only iptables rules - forwarding is handled by setupIPv6Forwarding in setup_ipv6
 
+	if enableIP6Tables {
 
+		iptable := iptables.GetIptable(iptables.IPv6)
 
+		if err := iptable.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil {
 
+			logrus.Warnf("Setting the default DROP policy on firewall reload failed, %v", err)
 
+		}
 
+	}
 
+
 
 	return nil
 
 }

+ 1 - 1
libnetwork/drivers/bridge/setup_ip_forwarding_test.go
Ver fichero 

@@ -17,7 +17,7 @@ func TestSetupIPForwarding(t *testing.T) {
 
 	}
 
 
 	// Set IP Forwarding
 
-	if err := setupIPForwarding(true); err != nil {
 
+	if err := setupIPForwarding(true, false); err != nil {
 
 		t.Fatalf("Failed to setup IP forwarding: %v", err)
 
 	}

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5