controller: Check if IPTables is enabled for arrangeUserFilterRule

This allows the `--iptables=false` argument to the `dockerd` to actually
work.

Signed-off-by: David O'Rourke <david@scalefactory.com>

libnetwork/controller.go

@@ -679,6 +679,29 @@ func (c *controller) isAgent() bool {
 	return c.cfg.Daemon.ClusterProvider.IsAgent()
 }
 
+func (c *controller) hasIPTablesEnabled() bool {
+	c.Lock()
+	defer c.Unlock()
+
+	if c.cfg == nil || c.cfg.Daemon.DriverCfg[netlabel.GenericData] == nil {
+		return false
+	}
+
+	genericData, ok := c.cfg.Daemon.DriverCfg[netlabel.GenericData]
+	if !ok {
+		return false
+	}
+
+	optMap := genericData.(map[string]interface{})
+
+	enabled, ok := optMap["EnableIPTables"].(bool)
+	if !ok {
+		return false
+	}
+
+	return enabled
+}
+
 func (c *controller) isDistributedControl() bool {
 	return !c.isManager() && !c.isAgent()
 }
@@ -902,7 +925,9 @@ addToStore:
 		c.Unlock()
 	}
 
-	c.arrangeUserFilterRule()
+	if c.hasIPTablesEnabled() {
+		c.arrangeUserFilterRule()
+	}
 
 	return network, nil
 }