0ct0pu5/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #4026 from crosbymichael/fix-linking-icc

Browse source 
Add bidirectional iptables rule back to links
This commit is contained in:
Guillaume J. Charmes 2014-02-10 13:13:28 -08:00
commit 63f0bbaf14
1 changed files with 14 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
networkdriver/lxc/driver.go
View file

@ -172,7 +172,6 @@ func setupIPTables(addr net.Addr, icc bool) error {
iptables.Raw(append([]string{"-D"}, acceptArgs...)...)
if !iptables.Exists(dropArgs...) {
utils.Debugf("Disable inter-container communication")
if output, err := iptables.Raw(append([]string{"-I"}, dropArgs...)...); err != nil {
return fmt.Errorf("Unable to prevent intercontainer communication: %s", err)
@ -470,6 +469,20 @@ func LinkContainers(job *engine.Job) engine.Status {
job.Errorf("Error toggle iptables forward: %s", output)
return engine.StatusErr
}
if output, err := iptables.Raw(action, "FORWARD",
"-i", bridgeIface, "-o", bridgeIface,
"-p", proto,
"-s", childIP,
"--sport", port,
"-d", parentIP,
"-j", "ACCEPT"); !ignoreErrors && err != nil {
job.Error(err)
return engine.StatusErr
} else if len(output) != 0 {
job.Errorf("Error toggle iptables forward: %s", output)
return engine.StatusErr
}
}
return engine.StatusOK
}