0ct0pu5/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #2460 from moby/revert-2450-iptables-policy

Browse source 
Revert "Always configure iptables forward policy"
This commit is contained in:
Arko Dasgupta 2020-03-18 11:22:47 -07:00 committed by GitHub
commit e49ee8266d
1 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
libnetwork/drivers/bridge/setup_ip_forwarding.go
View file

@ -34,11 +34,11 @@ func setupIPForwarding(enableIPTables bool) error {
if err := configureIPForwarding(true); err != nil {
return fmt.Errorf("Enabling IP forwarding failed: %v", err)
}
}
// Set the default policy on forward chain to drop only if the
// daemon option iptables is not set to false.
if enableIPTables {
// When enabling ip_forward set the default policy on forward chain to
// drop only if the daemon option iptables is not set to false.
if !enableIPTables {
return nil
}
if err := iptables.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil {
if err := configureIPForwarding(false); err != nil {
logrus.Errorf("Disabling IP forwarding failed, %v", err)