|
@@ -340,7 +340,7 @@ func setupIPTables(addr net.Addr, icc, ipmasq bool) error {
|
|
|
|
|
|
|
|
if !iptables.Exists(iptables.Filter, "FORWARD", dropArgs...) {
|
|
if !iptables.Exists(iptables.Filter, "FORWARD", dropArgs...) {
|
|
|
logrus.Debugf("Disable inter-container communication")
|
|
logrus.Debugf("Disable inter-container communication")
|
|
|
- if output, err := iptables.Raw(append([]string{"-I", "FORWARD"}, dropArgs...)...); err != nil {
|
|
|
|
|
|
|
+ if output, err := iptables.Raw(append([]string{"-A", "FORWARD"}, dropArgs...)...); err != nil {
|
|
|
return fmt.Errorf("Unable to prevent intercontainer communication: %s", err)
|
|
return fmt.Errorf("Unable to prevent intercontainer communication: %s", err)
|
|
|
} else if len(output) != 0 {
|
|
} else if len(output) != 0 {
|
|
|
return fmt.Errorf("Error disabling intercontainer communication: %s", output)
|
|
return fmt.Errorf("Error disabling intercontainer communication: %s", output)
|
|
@@ -351,7 +351,7 @@ func setupIPTables(addr net.Addr, icc, ipmasq bool) error {
|
|
|
|
|
|
|
|
if !iptables.Exists(iptables.Filter, "FORWARD", acceptArgs...) {
|
|
if !iptables.Exists(iptables.Filter, "FORWARD", acceptArgs...) {
|
|
|
logrus.Debugf("Enable inter-container communication")
|
|
logrus.Debugf("Enable inter-container communication")
|
|
|
- if output, err := iptables.Raw(append([]string{"-I", "FORWARD"}, acceptArgs...)...); err != nil {
|
|
|
|
|
|
|
+ if output, err := iptables.Raw(append([]string{"-A", "FORWARD"}, acceptArgs...)...); err != nil {
|
|
|
return fmt.Errorf("Unable to allow intercontainer communication: %s", err)
|
|
return fmt.Errorf("Unable to allow intercontainer communication: %s", err)
|
|
|
} else if len(output) != 0 {
|
|
} else if len(output) != 0 {
|
|
|
return fmt.Errorf("Error enabling intercontainer communication: %s", output)
|
|
return fmt.Errorf("Error enabling intercontainer communication: %s", output)
|
Gosuke Miyashita