
resorted EnableIP6Tables in driver configure

Signed-off-by: Benjamin Böhmke <benjamin@boehmke.net>
Benjamin Böhmke 5 年之前
父節點
當前提交
4d1c92c155
共有 2 個文件被更改,包括 30 次插入29 次删除
  1. 17 15
      libnetwork/drivers/bridge/bridge.go
  2. 13 14
      libnetwork/drivers/bridge/setup_ip_forwarding.go

+ 17 - 15
libnetwork/drivers/bridge/bridge.go

@@ -375,40 +375,42 @@ func (d *driver) configure(option map[string]interface{}) error {
 		return &ErrInvalidDriverConfig{}
 	}
 
-	if config.EnableIPTables {
+	if config.EnableIPTables || config.EnableIP6Tables {
 		if _, err := os.Stat("/proc/sys/net/bridge"); err != nil {
 			if out, err := exec.Command("modprobe", "-va", "bridge", "br_netfilter").CombinedOutput(); err != nil {
 				logrus.Warnf("Running modprobe bridge br_netfilter failed with message: %s, error: %v", out, err)
 			}
 		}
+	}
 
+	if config.EnableIPTables {
 		removeIPChains(iptables.IPv4)
-		if config.EnableIP6Tables {
-			removeIPChains(iptables.IPv6)
-		}
 
 		natChain, filterChain, isolationChain1, isolationChain2, err = setupIPChains(config, iptables.IPv4)
 		if err != nil {
 			return err
 		}
-		if config.EnableIP6Tables {
-			natChainV6, filterChainV6, isolationChain1V6, isolationChain2V6, err = setupIPChains(config, iptables.IPv6)
-			if err != nil {
-				return err
-			}
-		}
 
 		// Make sure on firewall reload, first thing being re-played is chains creation
 		iptables.OnReloaded(func() {
 			logrus.Debugf("Recreating iptables chains on firewall reload")
 			setupIPChains(config, iptables.IPv4)
 		})
-		if config.EnableIP6Tables {
-			iptables.OnReloaded(func() {
-				logrus.Debugf("Recreating ip6tables chains on firewall reload")
-				setupIPChains(config, iptables.IPv6)
-			})
+	}
+
+	if config.EnableIP6Tables {
+		removeIPChains(iptables.IPv6)
+
+		natChainV6, filterChainV6, isolationChain1V6, isolationChain2V6, err = setupIPChains(config, iptables.IPv6)
+		if err != nil {
+			return err
 		}
+
+		// Make sure on firewall reload, first thing being re-played is chains creation
+		iptables.OnReloaded(func() {
+			logrus.Debugf("Recreating ip6tables chains on firewall reload")
+			setupIPChains(config, iptables.IPv6)
+		})
 	}
 
 	if config.EnableIPForwarding {
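Review bot: The reload callback registered for IPv6 calls `setupIPChains(config, iptables.IPv6)` and discards every return value, so a failure to recreate the ip6tables chains after a firewall reload is neither logged nor acted on; the IPv4 callback a few lines above has the same gap. The initial call treats that error as fatal for configure, so the callback should at least report it, e.g. `if _, _, _, _, err := setupIPChains(config, iptables.IPv6); err != nil { logrus.Warnf("Recreating ip6tables chains on firewall reload failed: %v", err) }`. The reordering also registers the IPv4 reload hook before the IPv6 setup can fail, so an IPv6 error now returns from configure with that hook already installed. configure's body starts and ends outside the hunk.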

+ 13 - 14
libnetwork/drivers/bridge/setup_ip_forwarding.go

@@ -36,22 +36,21 @@ func setupIPForwarding(enableIPTables bool, enableIP6Tables bool) error {
 		}
 		// When enabling ip_forward set the default policy on forward chain to
 		// drop only if the daemon option iptables is not set to false.
-		if !enableIPTables {
-			return nil
-		}
-		iptable := iptables.GetIptable(iptables.IPv4)
-		if err := iptable.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil {
-			if err := configureIPForwarding(false); err != nil {
-				logrus.Errorf("Disabling IP forwarding failed, %v", err)
-			}
-			return err
-		}
-		iptables.OnReloaded(func() {
-			logrus.Debug("Setting the default DROP policy on firewall reload")
+		if enableIPTables {
+			iptable := iptables.GetIptable(iptables.IPv4)
 			if err := iptable.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil {
-				logrus.Warnf("Setting the default DROP policy on firewall reload failed, %v", err)
+				if err := configureIPForwarding(false); err != nil {
+					logrus.Errorf("Disabling IP forwarding failed, %v", err)
+				}
+				return err
 			}
-		})
+			iptables.OnReloaded(func() {
+				logrus.Debug("Setting the default DROP policy on firewall reload")
+				if err := iptable.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil {
+					logrus.Warnf("Setting the default DROP policy on firewall reload failed, %v", err)
+				}
+			})
+		}
 	}
 
 	// add only iptables rules - forwarding is handled by setupIPv6Forwarding in setup_ipv6
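Review bot: The reload callback inside the new `if enableIPTables` block only warns when `SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop)` fails, whereas the initial call just above it rolls IP forwarding back and returns the error. After a firewall reload the host can therefore keep forwarding with whatever FORWARD policy the reload left in place, which is presumably more permissive than DROP. If disabling forwarding at that point is too disruptive for running containers, log the failure with `logrus.Errorf` and state the trade-off in a comment, e.g. `// best effort: forwarding stays enabled if the DROP policy cannot be restored`. setupIPForwarding's body starts before and continues after the hunk.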