@@ -34,6 +34,7 @@ func (n *bridgeNetwork) allocatePorts(ep *bridgeEndpoint, reqDefBindIP net.IP, u

 	// IPv6 port binding excluding user land proxy

 	if n.driver.config.EnableIP6Tables && ep.addrv6 != nil {

+		// TODO IPv6 custom default binding IP

 		pbv6, err := n.allocatePortsInternal(ep.extConnConfig.PortBindings, ep.addrv6.IP, defaultBindingIPV6, false)

 		if err != nil {

 			// ensure we clear the previous allocated IPv4 ports

@@ -210,6 +210,7 @@ func programMangle(vni uint32, add bool) (err error) {

 		action = "install"

 	)

+	// TODO IPv6 support

 	iptable := iptables.GetIptable(iptables.IPv4)

 	if add == iptable.Exists(iptables.Mangle, chain, rule...) {

@@ -241,6 +242,7 @@ func programInput(vni uint32, add bool) (err error) {

 		msg        = "add"

 	)

+	// TODO IPv6 support

 	iptable := iptables.GetIptable(iptables.IPv4)

 	if !add {

@@ -20,6 +20,7 @@ func filterWait() func() {

 }

 func chainExists(cname string) bool {

+	// TODO IPv6 support

 	iptable := iptables.GetIptable(iptables.IPv4)

 	if _, err := iptable.Raw("-L", cname); err != nil {

 		return false

@@ -29,6 +30,7 @@ func chainExists(cname string) bool {

 }

 func setupGlobalChain() {

+	// TODO IPv6 support

 	iptable := iptables.GetIptable(iptables.IPv4)

 	// Because of an ungraceful shutdown, chain could already be present

 	if !chainExists(globalChain) {

@@ -46,6 +48,7 @@ func setupGlobalChain() {

 }

 func setNetworkChain(cname string, remove bool) error {

+	// TODO IPv6 support

 	iptable := iptables.GetIptable(iptables.IPv4)

 	// Initialize the onetime global overlay chain

 	filterOnce.Do(setupGlobalChain)

@@ -95,6 +98,7 @@ func setFilters(cname, brName string, remove bool) error {

 	if remove {

 		opt = "-D"

 	}

+	// TODO IPv6 support

 	iptable := iptables.GetIptable(iptables.IPv4)

 	// Every time we set filters for a new subnet make sure to move the global overlay hook to the top of the both the OUTPUT and forward chains

@@ -26,6 +26,7 @@ func arrangeUserFilterRule() {

 	if ctrl == nil || !ctrl.iptablesEnabled() {

 		return

 	}

+	// TODO IPv6 support

 	iptable := iptables.GetIptable(iptables.IPv4)

 	_, err := iptable.NewChain(userChain, iptables.Filter, false)

 	if err != nil {

@@ -57,6 +57,7 @@ func reexecSetupResolver() {

 		os.Exit(3)

 	}

+	// TODO IPv6 support

 	iptable := iptables.GetIptable(iptables.IPv4)

 	// insert outputChain and postroutingchain

@@ -302,7 +302,7 @@ func filterPortConfigs(ingressPorts []*PortConfig, isDelete bool) []*PortConfig

 }

 func programIngress(gwIP net.IP, ingressPorts []*PortConfig, isDelete bool) error {

-

+	// TODO IPv6 support

 	iptable := iptables.GetIptable(iptables.IPv4)

 	addDelOpt := "-I"

@@ -464,6 +464,7 @@ func programIngress(gwIP net.IP, ingressPorts []*PortConfig, isDelete bool) erro

 // This chain has the rules to allow access to the published ports for swarm tasks

 // from local bridge networks and docker_gwbridge (ie:taks on other swarm networks)

 func arrangeIngressFilterRule() {

+	// TODO IPv6 support

 	iptable := iptables.GetIptable(iptables.IPv4)

 	if iptable.ExistChain(ingressChain, iptables.Filter) {

 		if iptable.Exists(iptables.Filter, "FORWARD", "-j", ingressChain) {

@@ -610,6 +611,7 @@ func invokeFWMarker(path string, vip net.IP, fwMark uint32, ingressPorts []*Port

 // Firewall marker reexec function.

 func fwMarker() {

+	// TODO IPv6 support

 	iptable := iptables.GetIptable(iptables.IPv4)

 	runtime.LockOSThread()

 	defer runtime.UnlockOSThread()

@@ -716,6 +718,7 @@ func addRedirectRules(path string, eIP *net.IPNet, ingressPorts []*PortConfig) e

 // Redirector reexec function.

 func redirector() {

+	// TODO IPv6 support

 	iptable := iptables.GetIptable(iptables.IPv4)

 	runtime.LockOSThread()

 	defer runtime.UnlockOSThread()