diff --git a/libnetwork/drivers/bridge/port_mapping.go b/libnetwork/drivers/bridge/port_mapping.go
index d1bb610f77..75b17d63fd 100644
--- a/libnetwork/drivers/bridge/port_mapping.go
+++ b/libnetwork/drivers/bridge/port_mapping.go
@@ -34,6 +34,7 @@ func (n *bridgeNetwork) allocatePorts(ep *bridgeEndpoint, reqDefBindIP net.IP, u
 
 	// IPv6 port binding excluding user land proxy
 	if n.driver.config.EnableIP6Tables && ep.addrv6 != nil {
+		// TODO IPv6 custom default binding IP
 		pbv6, err := n.allocatePortsInternal(ep.extConnConfig.PortBindings, ep.addrv6.IP, defaultBindingIPV6, false)
 		if err != nil {
 			// ensure we clear the previous allocated IPv4 ports
diff --git a/libnetwork/drivers/overlay/encryption.go b/libnetwork/drivers/overlay/encryption.go
index 2804ddc76a..aafd9c0b5e 100644
--- a/libnetwork/drivers/overlay/encryption.go
+++ b/libnetwork/drivers/overlay/encryption.go
@@ -210,6 +210,7 @@ func programMangle(vni uint32, add bool) (err error) {
 		action = "install"
 	)
 
+	// TODO IPv6 support
 	iptable := iptables.GetIptable(iptables.IPv4)
 
 	if add == iptable.Exists(iptables.Mangle, chain, rule...) {
@@ -241,6 +242,7 @@ func programInput(vni uint32, add bool) (err error) {
 		msg        = "add"
 	)
 
+	// TODO IPv6 support
 	iptable := iptables.GetIptable(iptables.IPv4)
 
 	if !add {
diff --git a/libnetwork/drivers/overlay/filter.go b/libnetwork/drivers/overlay/filter.go
index 250c67153e..853afc6a80 100644
--- a/libnetwork/drivers/overlay/filter.go
+++ b/libnetwork/drivers/overlay/filter.go
@@ -20,6 +20,7 @@ func filterWait() func() {
 }
 
 func chainExists(cname string) bool {
+	// TODO IPv6 support
 	iptable := iptables.GetIptable(iptables.IPv4)
 	if _, err := iptable.Raw("-L", cname); err != nil {
 		return false
@@ -29,6 +30,7 @@ func chainExists(cname string) bool {
 }
 
 func setupGlobalChain() {
+	// TODO IPv6 support
 	iptable := iptables.GetIptable(iptables.IPv4)
 	// Because of an ungraceful shutdown, chain could already be present
 	if !chainExists(globalChain) {
@@ -46,6 +48,7 @@ func setupGlobalChain() {
 }
 
 func setNetworkChain(cname string, remove bool) error {
+	// TODO IPv6 support
 	iptable := iptables.GetIptable(iptables.IPv4)
 	// Initialize the onetime global overlay chain
 	filterOnce.Do(setupGlobalChain)
@@ -95,6 +98,7 @@ func setFilters(cname, brName string, remove bool) error {
 	if remove {
 		opt = "-D"
 	}
+	// TODO IPv6 support
 	iptable := iptables.GetIptable(iptables.IPv4)
 
 	// Every time we set filters for a new subnet make sure to move the global overlay hook to the top of the both the OUTPUT and forward chains
diff --git a/libnetwork/firewall_linux.go b/libnetwork/firewall_linux.go
index a657825dfa..ead12b5396 100644
--- a/libnetwork/firewall_linux.go
+++ b/libnetwork/firewall_linux.go
@@ -26,6 +26,7 @@ func arrangeUserFilterRule() {
 	if ctrl == nil || !ctrl.iptablesEnabled() {
 		return
 	}
+	// TODO IPv6 support
 	iptable := iptables.GetIptable(iptables.IPv4)
 	_, err := iptable.NewChain(userChain, iptables.Filter, false)
 	if err != nil {
diff --git a/libnetwork/resolver_unix.go b/libnetwork/resolver_unix.go
index ce65c09558..28b8c4277c 100644
--- a/libnetwork/resolver_unix.go
+++ b/libnetwork/resolver_unix.go
@@ -57,6 +57,7 @@ func reexecSetupResolver() {
 		os.Exit(3)
 	}
 
+	// TODO IPv6 support
 	iptable := iptables.GetIptable(iptables.IPv4)
 
 	// insert outputChain and postroutingchain
diff --git a/libnetwork/service_linux.go b/libnetwork/service_linux.go
index bb94141c0c..66c8be6b97 100644
--- a/libnetwork/service_linux.go
+++ b/libnetwork/service_linux.go
@@ -302,7 +302,7 @@ func filterPortConfigs(ingressPorts []*PortConfig, isDelete bool) []*PortConfig
 }
 
 func programIngress(gwIP net.IP, ingressPorts []*PortConfig, isDelete bool) error {
-
+	// TODO IPv6 support
 	iptable := iptables.GetIptable(iptables.IPv4)
 
 	addDelOpt := "-I"
@@ -464,6 +464,7 @@ func programIngress(gwIP net.IP, ingressPorts []*PortConfig, isDelete bool) erro
 // This chain has the rules to allow access to the published ports for swarm tasks
 // from local bridge networks and docker_gwbridge (ie:taks on other swarm networks)
 func arrangeIngressFilterRule() {
+	// TODO IPv6 support
 	iptable := iptables.GetIptable(iptables.IPv4)
 	if iptable.ExistChain(ingressChain, iptables.Filter) {
 		if iptable.Exists(iptables.Filter, "FORWARD", "-j", ingressChain) {
@@ -610,6 +611,7 @@ func invokeFWMarker(path string, vip net.IP, fwMark uint32, ingressPorts []*Port
 
 // Firewall marker reexec function.
 func fwMarker() {
+	// TODO IPv6 support
 	iptable := iptables.GetIptable(iptables.IPv4)
 	runtime.LockOSThread()
 	defer runtime.UnlockOSThread()
@@ -716,6 +718,7 @@ func addRedirectRules(path string, eIP *net.IPNet, ingressPorts []*PortConfig) e
 
 // Redirector reexec function.
 func redirector() {
+	// TODO IPv6 support
 	iptable := iptables.GetIptable(iptables.IPv4)
 	runtime.LockOSThread()
 	defer runtime.UnlockOSThread()