@@ -3,7 +3,7 @@

 # LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When

 # updating the binary version, consider updating github.com/docker/libnetwork

 # in vendor.conf accordingly

-LIBNETWORK_COMMIT=96bcc0dae898308ed659c5095526788a602f4726

+LIBNETWORK_COMMIT=45c710223c5fbf04dc3028b9a90b51892e36ca7f

 install_proxy() {

 	case "$1" in

@@ -38,7 +38,7 @@ github.com/gofrs/flock                              7f43ea2e6a643ad441fc12d0ecc0

 # libnetwork

 # When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly

-github.com/docker/libnetwork                        96bcc0dae898308ed659c5095526788a602f4726

+github.com/docker/libnetwork                        45c710223c5fbf04dc3028b9a90b51892e36ca7f

 github.com/docker/go-events                         9461782956ad83b30282bf90e31fa6a70c255ba9

 github.com/armon/go-radix                           e39d623f12e8e41c7b5529e9a9dd67a1e2261f80

 github.com/armon/go-metrics                         eb0af217e5e9747e41dd5303755356b62d28e3ec

@@ -34,11 +34,11 @@ func setupIPForwarding(enableIPTables bool) error {

 		if err := configureIPForwarding(true); err != nil {

 			return fmt.Errorf("Enabling IP forwarding failed: %v", err)

 		}

-	}

-

-	// Set the default policy on forward chain to drop only if the

-	// daemon option iptables is not set to false.

-	if enableIPTables {

+		// When enabling ip_forward set the default policy on forward chain to

+		// drop only if the daemon option iptables is not set to false.

+		if !enableIPTables {

+			return nil

+		}

 		if err := iptables.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil {

 			if err := configureIPForwarding(false); err != nil {

 				logrus.Errorf("Disabling IP forwarding failed, %v", err)