docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2633 from danderson/2598-fix-iptables-anydest 

Correctly express "any address" to iptables.
This commit is contained in:
Michael Crosby 2013-11-11 10:22:02 -08:00
parent 1d9139bb89 8ba8783bcc
commit 2fc0084f6b
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
iptables/iptables.go
View File

@ -55,9 +55,16 @@ func RemoveExistingChain(name string) error {
} }
func (c *Chain) Forward(action Action, ip net.IP, port int, proto, dest_addr string, dest_port int) error { func (c *Chain) Forward(action Action, ip net.IP, port int, proto, dest_addr string, dest_port int) error {
daddr := ip.String()
if ip.IsUnspecified() {
// iptables interprets "0.0.0.0" as "0.0.0.0/32", whereas we
// want "0.0.0.0/0". "0/0" is correctly interpreted as "any
// value" by both iptables and ip6tables.
daddr = "0/0"
}
if output, err := Raw("-t", "nat", fmt.Sprint(action), c.Name, if output, err := Raw("-t", "nat", fmt.Sprint(action), c.Name,
"-p", proto, "-p", proto,
"-d", ip.String(), "-d", daddr,
"--dport", strconv.Itoa(port), "--dport", strconv.Itoa(port),
"!", "-i", c.Bridge, "!", "-i", c.Bridge,
"-j", "DNAT", "-j", "DNAT",