Allow publicly mapped ports to be made public beyond the host. This is
needed for distros like Fedora and RHEL, which have a reject-all rule at
the end of their FORWARD chain.
Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
| ... | ... |
@@ -73,6 +73,23 @@ func (c *Chain) Forward(action Action, ip net.IP, port int, proto, dest_addr str |
| 73 | 73 |
} else if len(output) != 0 {
|
| 74 | 74 |
return fmt.Errorf("Error iptables forward: %s", output)
|
| 75 | 75 |
} |
| 76 |
+ |
|
| 77 |
+ fAction := action |
|
| 78 |
+ if fAction == Add {
|
|
| 79 |
+ fAction = "-I" |
|
| 80 |
+ } |
|
| 81 |
+ if output, err := Raw(string(fAction), "FORWARD", |
|
| 82 |
+ "!", "-i", c.Bridge, |
|
| 83 |
+ "-o", c.Bridge, |
|
| 84 |
+ "-p", proto, |
|
| 85 |
+ "-d", daddr, |
|
| 86 |
+ "--dport", strconv.Itoa(port), |
|
| 87 |
+ "-j", "ACCEPT"); err != nil {
|
|
| 88 |
+ return err |
|
| 89 |
+ } else if len(output) != 0 {
|
|
| 90 |
+ return fmt.Errorf("Error iptables forward: %s", output)
|
|
| 91 |
+ } |
|
| 92 |
+ |
|
| 76 | 93 |
return nil |
| 77 | 94 |
} |
| 78 | 95 |
|
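Review bot: The added FORWARD rule is inserted with `-I` and no rule number, so the ACCEPT lands at the head of the chain and is evaluated before any FORWARD rules the host administrator already has, not only before the distro's trailing reject rule; it also matches any source address arriving on a non-bridge interface. That precedence should at least be stated in a comment above `fAction := action`, for example `// -I puts the ACCEPT ahead of every existing FORWARD rule, including admin-defined filtering, for this daddr/port`. If this Raw call fails on Add, the function returns while the rule set up by the preceding call (its start is outside the hunk) appears to stay in place, leaving a half-applied mapping. Both failure paths also return the same `Error iptables forward: %s` text, so the new one could read `Error iptables forward (FORWARD accept): %s` to tell them apart. Forward's body begins above the hunk, so where `daddr` is derived is not visible here.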