пре 4 година · cf31b9622a
--- a/cmd/dockerd/config_unix.go
+++ b/cmd/dockerd/config_unix.go
@@ -34,6 +34,7 @@ func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) error {
 
															 	flags.BoolVar(&conf.EnableSelinuxSupport, "selinux-enabled", false, "Enable selinux support")
														
 
															 	flags.Var(opts.NewNamedUlimitOpt("default-ulimits", &conf.Ulimits), "default-ulimit", "Default ulimits for containers")
														
 
															 	flags.BoolVar(&conf.BridgeConfig.EnableIPTables, "iptables", true, "Enable addition of iptables rules")
														
 
															+	flags.BoolVar(&conf.BridgeConfig.EnableIP6Tables, "ip6tables", false, "Enable addition of ip6tables rules")
														
 
															 	flags.BoolVar(&conf.BridgeConfig.EnableIPForward, "ip-forward", true, "Enable net.ipv4.ip_forward")
														
 
															 	flags.BoolVar(&conf.BridgeConfig.EnableIPMasq, "ip-masq", true, "Enable IP masquerading")
														
 
															 	flags.BoolVar(&conf.BridgeConfig.EnableIPv6, "ipv6", false, "Enable IPv6 networking")
														
--- a/daemon/config/config_unix.go
+++ b/daemon/config/config_unix.go
@@ -54,6 +54,7 @@ type BridgeConfig struct {
 
															 	// Fields below here are platform specific.
														
 
															 	EnableIPv6          bool   `json:"ipv6,omitempty"`
														
 
															 	EnableIPTables      bool   `json:"iptables,omitempty"`
														
 
															+	EnableIP6Tables     bool   `json:"ip6tables,omitempty"`
														
 
															 	EnableIPForward     bool   `json:"ip-forward,omitempty"`
														
 
															 	EnableIPMasq        bool   `json:"ip-masq,omitempty"`
														
 
															 	EnableUserlandProxy bool   `json:"userland-proxy,omitempty"`
														
--- a/daemon/daemon_unix.go
+++ b/daemon/daemon_unix.go
@@ -746,6 +746,9 @@ func verifyDaemonSettings(conf *config.Config) error {
 
															 	if !conf.BridgeConfig.EnableIPTables && !conf.BridgeConfig.InterContainerCommunication {
														
 
															 		return fmt.Errorf("You specified --iptables=false with --icc=false. ICC=false uses iptables to function. Please set --icc or --iptables to true")
														
 
															 	}
														
 
															+	if conf.BridgeConfig.EnableIP6Tables && !conf.Experimental {
														
 
															+		return fmt.Errorf("ip6tables rules are only available if experimental features are enabled")
														
 
															+	}
														
 
															 	if !conf.BridgeConfig.EnableIPTables && conf.BridgeConfig.EnableIPMasq {
														
 
															 		conf.BridgeConfig.EnableIPMasq = false
														
 
															 	}
														
@@ -911,6 +914,7 @@ func driverOptions(config *config.Config) []nwconfig.Option {
 
															 	bridgeConfig := options.Generic{
														
 
															 		"EnableIPForwarding":  config.BridgeConfig.EnableIPForward,
														
 
															 		"EnableIPTables":      config.BridgeConfig.EnableIPTables,
														
 
															+		"EnableIP6Tables":     config.BridgeConfig.EnableIP6Tables,
														
 
															 		"EnableUserlandProxy": config.BridgeConfig.EnableUserlandProxy,
														
 
															 		"UserlandProxyPath":   config.BridgeConfig.UserlandProxyPath}
														
 
															 	bridgeOption := options.Generic{netlabel.GenericData: bridgeConfig}