Merge a43a0afabe into 82d8f8d6e6

libnetwork/drivers/bridge/setup_ip_tables_linux.go

@@ -33,11 +33,6 @@ const (
 )
 
 func setupIPChains(config configuration, version iptables.IPVersion) (natChain *iptables.ChainInfo, filterChain *iptables.ChainInfo, isolationChain1 *iptables.ChainInfo, isolationChain2 *iptables.ChainInfo, retErr error) {
-	// Sanity check.
-	if !config.EnableIPTables {
-		return nil, nil, nil, nil, errors.New("cannot create new chains, EnableIPTable is disabled")
-	}
-
 	hairpinMode := !config.EnableUserlandProxy
 
 	iptable := iptables.GetIptable(version)

libnetwork/drivers/bridge/setup_ip_tables_linux_test.go

@@ -144,9 +144,11 @@ func assertIPTableChainProgramming(rule iptRule, descr string, t *testing.T) {
 func assertChainConfig(d *driver, t *testing.T) {
 	var err error
 
-	d.natChain, d.filterChain, d.isolationChain1, d.isolationChain2, err = setupIPChains(d.config, iptables.IPv4)
-	if err != nil {
-		t.Fatal(err)
+	if d.config.EnableIPTables {
+		d.natChain, d.filterChain, d.isolationChain1, d.isolationChain2, err = setupIPChains(d.config, iptables.IPv4)
+		if err != nil {
+			t.Fatal(err)
+		}
 	}
 	if d.config.EnableIP6Tables {
 		d.natChainV6, d.filterChainV6, d.isolationChain1V6, d.isolationChain2V6, err = setupIPChains(d.config, iptables.IPv6)
@@ -273,6 +275,22 @@ func TestOutgoingNATRules(t *testing.T) {
 			hostIPv4:           hostIPv4,
 			wantIPv4Snat:       true,
 		},
+		{
+			// Regression test for https://github.com/moby/moby/issues/46467
+			desc:               "iptables disabled, IPv6 masquerade",
+			enableIP6Tables:    true,
+			enableIPv6:         true,
+			enableIPMasquerade: true,
+			wantIPv6Masq:       true,
+		},
+		{
+			desc:               "iptables disabled, IPv6 SNAT",
+			enableIP6Tables:    true,
+			enableIPv6:         true,
+			enableIPMasquerade: true,
+			hostIPv6:           hostIPv6,
+			wantIPv6Snat:       true,
+		},
 		{
 			desc:               "IPv4 masquerade, IPv6 masquerade",
 			enableIPTables:     true,