GitList

Browse code

IPv6 iptables config option

Sebastiaan van Stijn authored on 2020/12/07 19:59:42
Showing 3 changed files

@@ -34,6 +34,7 @@ func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) error {
                      	flags.BoolVar(&conf.EnableSelinuxSupport, "selinux-enabled", false, "Enable selinux support")
                      	flags.Var(opts.NewNamedUlimitOpt("default-ulimits", &conf.Ulimits), "default-ulimit", "Default ulimits for containers")
                      	flags.BoolVar(&conf.BridgeConfig.EnableIPTables, "iptables", true, "Enable addition of iptables rules")
                     +	flags.BoolVar(&conf.BridgeConfig.EnableIP6Tables, "ip6tables", false, "Enable addition of ip6tables rules")
                      	flags.BoolVar(&conf.BridgeConfig.EnableIPForward, "ip-forward", true, "Enable net.ipv4.ip_forward")
                      	flags.BoolVar(&conf.BridgeConfig.EnableIPMasq, "ip-masq", true, "Enable IP masquerading")
                      	flags.BoolVar(&conf.BridgeConfig.EnableIPv6, "ipv6", false, "Enable IPv6 networking")

@@ -54,6 +54,7 @@ type BridgeConfig struct {
                      	// Fields below here are platform specific.
                      	EnableIPv6          bool   `json:"ipv6,omitempty"`
                      	EnableIPTables      bool   `json:"iptables,omitempty"`
                     +	EnableIP6Tables     bool   `json:"ip6tables,omitempty"`
                      	EnableIPForward     bool   `json:"ip-forward,omitempty"`
                      	EnableIPMasq        bool   `json:"ip-masq,omitempty"`
                      	EnableUserlandProxy bool   `json:"userland-proxy,omitempty"`

@@ -746,6 +746,9 @@ func verifyDaemonSettings(conf *config.Config) error {
                      	if !conf.BridgeConfig.EnableIPTables && !conf.BridgeConfig.InterContainerCommunication {
                      		return fmt.Errorf("You specified --iptables=false with --icc=false. ICC=false uses iptables to function. Please set --icc or --iptables to true")
+                     	}
                     +	if conf.BridgeConfig.EnableIP6Tables && !conf.Experimental {
                     +		return fmt.Errorf("ip6tables rules are only available if experimental features are enabled")
                     +	}
                      	if !conf.BridgeConfig.EnableIPTables && conf.BridgeConfig.EnableIPMasq {
                      		conf.BridgeConfig.EnableIPMasq = false
+                     	}
@@ -911,6 +914,7 @@ func driverOptions(config *config.Config) []nwconfig.Option {
                      	bridgeConfig := options.Generic{
                      		"EnableIPForwarding":  config.BridgeConfig.EnableIPForward,
                      		"EnableIPTables":      config.BridgeConfig.EnableIPTables,
                     +		"EnableIP6Tables":     config.BridgeConfig.EnableIP6Tables,
                      		"EnableUserlandProxy": config.BridgeConfig.EnableUserlandProxy,
                      		"UserlandProxyPath":   config.BridgeConfig.UserlandProxyPath}
                      	bridgeOption := options.Generic{netlabel.GenericData: bridgeConfig}