Google Git
Sign in
fuchsia/third_party/github.com/moby/moby/cf31b9622ae9de4b5fb7a1c9456460980ab80281^1..cf31b9622ae9de4b5fb7a1c9456460980ab80281/.
commit
cf31b9622ae9de4b5fb7a1c9456460980ab80281
[log] [tgz]
author
Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>
Mon Dec 07 11:59:42 2020 +0100
committer
GitHub <noreply@github.com>
Mon Dec 07 11:59:42 2020 +0100
tree
ebdcb6213190529b35278bff5ab40977a318db86
parent
c40bef92e2ced68fee15d3befd6d525496324ed7 [diff]
parent
cd63cc846e7ec4f2d255023d04ead33a2a7fe986 [diff]
Merge pull request #41622 from bboehmke/ipv6_nat

IPv6 iptables config option
diff --git a/cmd/dockerd/config_unix.go b/cmd/dockerd/config_unix.go
index 2daad6e..7ae5828 100644
--- a/cmd/dockerd/config_unix.go
+++ b/cmd/dockerd/config_unix.go

@@ -34,6 +34,7 @@
 	flags.BoolVar(&conf.EnableSelinuxSupport, "selinux-enabled", false, "Enable selinux support")
 	flags.Var(opts.NewNamedUlimitOpt("default-ulimits", &conf.Ulimits), "default-ulimit", "Default ulimits for containers")
 	flags.BoolVar(&conf.BridgeConfig.EnableIPTables, "iptables", true, "Enable addition of iptables rules")
+	flags.BoolVar(&conf.BridgeConfig.EnableIP6Tables, "ip6tables", false, "Enable addition of ip6tables rules")
 	flags.BoolVar(&conf.BridgeConfig.EnableIPForward, "ip-forward", true, "Enable net.ipv4.ip_forward")
 	flags.BoolVar(&conf.BridgeConfig.EnableIPMasq, "ip-masq", true, "Enable IP masquerading")
 	flags.BoolVar(&conf.BridgeConfig.EnableIPv6, "ipv6", false, "Enable IPv6 networking")

diff --git a/daemon/config/config_unix.go b/daemon/config/config_unix.go
index 343b85f..4a32f55 100644
--- a/daemon/config/config_unix.go
+++ b/daemon/config/config_unix.go

@@ -54,6 +54,7 @@
 	// Fields below here are platform specific.
 	EnableIPv6          bool   `json:"ipv6,omitempty"`
 	EnableIPTables      bool   `json:"iptables,omitempty"`
+	EnableIP6Tables     bool   `json:"ip6tables,omitempty"`
 	EnableIPForward     bool   `json:"ip-forward,omitempty"`
 	EnableIPMasq        bool   `json:"ip-masq,omitempty"`
 	EnableUserlandProxy bool   `json:"userland-proxy,omitempty"`

diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go
index f483c7e..6951475 100644
--- a/daemon/daemon_unix.go
+++ b/daemon/daemon_unix.go

@@ -746,6 +746,9 @@
 	if !conf.BridgeConfig.EnableIPTables && !conf.BridgeConfig.InterContainerCommunication {
 		return fmt.Errorf("You specified --iptables=false with --icc=false. ICC=false uses iptables to function. Please set --icc or --iptables to true")
 	}
+	if conf.BridgeConfig.EnableIP6Tables && !conf.Experimental {
+		return fmt.Errorf("ip6tables rules are only available if experimental features are enabled")
+	}
 	if !conf.BridgeConfig.EnableIPTables && conf.BridgeConfig.EnableIPMasq {
 		conf.BridgeConfig.EnableIPMasq = false
 	}
@@ -911,6 +914,7 @@
 	bridgeConfig := options.Generic{
 		"EnableIPForwarding":  config.BridgeConfig.EnableIPForward,
 		"EnableIPTables":      config.BridgeConfig.EnableIPTables,
+		"EnableIP6Tables":     config.BridgeConfig.EnableIP6Tables,
 		"EnableUserlandProxy": config.BridgeConfig.EnableUserlandProxy,
 		"UserlandProxyPath":   config.BridgeConfig.UserlandProxyPath}
 	bridgeOption := options.Generic{netlabel.GenericData: bridgeConfig}