Merge pull request #398 from thaJeztah/19.03_rollback_libnetwork

[19.03] roll-back libnetwork iptables forward policy change [DESKTOP-1934]
This commit is contained in:
Sebastiaan van Stijn 2019-10-07 23:12:15 +02:00 committed by GitHub
commit 3e077fc866
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 7 deletions

View file

@ -3,7 +3,7 @@
# LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When # LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When
# updating the binary version, consider updating github.com/docker/libnetwork # updating the binary version, consider updating github.com/docker/libnetwork
# in vendor.conf accordingly # in vendor.conf accordingly
LIBNETWORK_COMMIT=96bcc0dae898308ed659c5095526788a602f4726 LIBNETWORK_COMMIT=45c710223c5fbf04dc3028b9a90b51892e36ca7f
install_proxy() { install_proxy() {
case "$1" in case "$1" in

View file

@ -38,7 +38,7 @@ github.com/gofrs/flock 7f43ea2e6a643ad441fc12d0ecc0
# libnetwork # libnetwork
# When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly # When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly
github.com/docker/libnetwork 96bcc0dae898308ed659c5095526788a602f4726 github.com/docker/libnetwork 45c710223c5fbf04dc3028b9a90b51892e36ca7f
github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9 github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80 github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec

View file

@ -34,11 +34,11 @@ func setupIPForwarding(enableIPTables bool) error {
if err := configureIPForwarding(true); err != nil { if err := configureIPForwarding(true); err != nil {
return fmt.Errorf("Enabling IP forwarding failed: %v", err) return fmt.Errorf("Enabling IP forwarding failed: %v", err)
} }
// When enabling ip_forward set the default policy on forward chain to
// drop only if the daemon option iptables is not set to false.
if !enableIPTables {
return nil
} }
// Set the default policy on forward chain to drop only if the
// daemon option iptables is not set to false.
if enableIPTables {
if err := iptables.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil { if err := iptables.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil {
if err := configureIPForwarding(false); err != nil { if err := configureIPForwarding(false); err != nil {
logrus.Errorf("Disabling IP forwarding failed, %v", err) logrus.Errorf("Disabling IP forwarding failed, %v", err)