@@ -3,7 +3,7 @@

 # LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When

 # updating the binary version, consider updating github.com/docker/libnetwork

 # in vendor.conf accordingly

-: "${LIBNETWORK_COMMIT:=a543cbc4871f904b0efe205708eb45d72e65fd8b}"

+: "${LIBNETWORK_COMMIT:=5c6a95bfb20c61571a00f913c6b91959ede84e8d}"

 install_proxy() {

 	case "$1" in

@@ -47,7 +47,7 @@ github.com/grpc-ecosystem/go-grpc-middleware        3c51f7f332123e8be5a157c0802a

 # libnetwork

 # When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly

-github.com/docker/libnetwork                        a543cbc4871f904b0efe205708eb45d72e65fd8b

+github.com/docker/libnetwork                        5c6a95bfb20c61571a00f913c6b91959ede84e8d 

 github.com/docker/go-events                         e31b211e4f1cd09aa76fe4ac244571fab96ae47f

 github.com/armon/go-radix                           e39d623f12e8e41c7b5529e9a9dd67a1e2261f80

 github.com/armon/go-metrics                         eb0af217e5e9747e41dd5303755356b62d28e3ec

@@ -779,13 +779,13 @@ func (d *driver) createNetwork(config *networkConfiguration) (err error) {

 		{d.config.EnableIPTables, network.setupIP4Tables},

 		// Setup IP6Tables.

-		{d.config.EnableIP6Tables, network.setupIP6Tables},

+		{config.EnableIPv6 && d.config.EnableIP6Tables, network.setupIP6Tables},

 		//We want to track firewalld configuration so that

 		//if it is started/reloaded, the rules can be applied correctly

 		{d.config.EnableIPTables, network.setupFirewalld},

 		// same for IPv6

-		{d.config.EnableIP6Tables, network.setupFirewalld6},

+		{config.EnableIPv6 && d.config.EnableIP6Tables, network.setupFirewalld6},

 		// Setup DefaultGatewayIPv4

 		{config.DefaultGatewayIPv4 != nil, setupGatewayIPv4},

@@ -178,7 +178,11 @@ func (n *bridgeNetwork) setupIPTables(ipVersion iptables.IPVersion, maskedAddr *

 			return iptable.ProgramChain(filterChain, config.BridgeName, hairpinMode, false)

 		})

-		n.portMapper.SetIptablesChain(natChain, n.getNetworkBridgeName())

+		if ipVersion == iptables.IPv4 {

+			n.portMapper.SetIptablesChain(natChain, n.getNetworkBridgeName())

+		} else {

+			n.portMapperV6.SetIptablesChain(natChain, n.getNetworkBridgeName())

+		}

 	}

 	d.Lock()

@@ -533,8 +533,10 @@ func (iptable IPTable) raw(args ...string) ([]byte, error) {

 	}

 	path := iptablesPath

+	commandName := "iptables"

 	if iptable.Version == IPv6 {

 		path = ip6tablesPath

+		commandName = "ip6tables"

 	}

 	logrus.Debugf("%s, %v", path, args)

@@ -542,7 +544,7 @@ func (iptable IPTable) raw(args ...string) ([]byte, error) {

 	startTime := time.Now()

 	output, err := exec.Command(path, args...).CombinedOutput()

 	if err != nil {

-		return nil, fmt.Errorf("iptables failed: iptables %v: %s (%s)", strings.Join(args, " "), output, err)

+		return nil, fmt.Errorf("iptables failed: %s %v: %s (%s)", commandName, strings.Join(args, " "), output, err)

 	}

 	return filterOutput(startTime, output, args...), err