docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11526 from mizzy/append-drop-rule-not-insert 

Append DROP rule with --icc=false, not insert
This commit is contained in:
Alexander Morozov 2015-04-29 10:28:11 -07:00
parent 53bef64804 90a8e45604
commit 6c46c9c839
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
daemon/networkdriver/bridge/driver.go
View File

@ -355,7 +355,7 @@ func setupIPTables(addr net.Addr, icc, ipmasq bool) error {
if !iptables.Exists(iptables.Filter, "FORWARD", dropArgs...) { if !iptables.Exists(iptables.Filter, "FORWARD", dropArgs...) {
logrus.Debugf("Disable inter-container communication") logrus.Debugf("Disable inter-container communication")
if output, err := iptables.Raw(append([]string{"-I", "FORWARD"}, dropArgs...)...); err != nil { if output, err := iptables.Raw(append([]string{"-A", "FORWARD"}, dropArgs...)...); err != nil {
return fmt.Errorf("Unable to prevent intercontainer communication: %s", err) return fmt.Errorf("Unable to prevent intercontainer communication: %s", err)
} else if len(output) != 0 { } else if len(output) != 0 {
return fmt.Errorf("Error disabling intercontainer communication: %s", output) return fmt.Errorf("Error disabling intercontainer communication: %s", output)
@ -366,7 +366,7 @@ func setupIPTables(addr net.Addr, icc, ipmasq bool) error {
if !iptables.Exists(iptables.Filter, "FORWARD", acceptArgs...) { if !iptables.Exists(iptables.Filter, "FORWARD", acceptArgs...) {
logrus.Debugf("Enable inter-container communication") logrus.Debugf("Enable inter-container communication")
if output, err := iptables.Raw(append([]string{"-I", "FORWARD"}, acceptArgs...)...); err != nil { if output, err := iptables.Raw(append([]string{"-A", "FORWARD"}, acceptArgs...)...); err != nil {
return fmt.Errorf("Unable to allow intercontainer communication: %s", err) return fmt.Errorf("Unable to allow intercontainer communication: %s", err)
} else if len(output) != 0 { } else if len(output) != 0 {
return fmt.Errorf("Error enabling intercontainer communication: %s", output) return fmt.Errorf("Error enabling intercontainer communication: %s", output)