|
...
|
...
|
@@ -93,7 +93,8 @@ func (n *NodeIPTables) getStaticNodeIPTablesRules() []FirewallRule {
|
|
93
|
93
|
return []FirewallRule{
|
|
94
|
94
|
{"nat", "POSTROUTING", []string{"-s", n.clusterNetworkCIDR, "-j", "MASQUERADE"}},
|
|
95
|
95
|
{"filter", "INPUT", []string{"-p", "udp", "-m", "multiport", "--dports", VXLAN_PORT, "-m", "comment", "--comment", "001 vxlan incoming", "-j", "ACCEPT"}},
|
|
96
|
|
- {"filter", "INPUT", []string{"-i", TUN, "-m", "comment", "--comment", "traffic from docker for internet", "-j", "ACCEPT"}},
|
|
|
96
|
+ {"filter", "INPUT", []string{"-i", TUN, "-m", "comment", "--comment", "traffic from SDN", "-j", "ACCEPT"}},
|
|
|
97
|
+ {"filter", "INPUT", []string{"-i", "docker0", "-m", "comment", "--comment", "traffic from docker", "-j", "ACCEPT"}},
|
|
97
|
98
|
{"filter", "FORWARD", []string{"-d", n.clusterNetworkCIDR, "-j", "ACCEPT"}},
|
|
98
|
99
|
{"filter", "FORWARD", []string{"-s", n.clusterNetworkCIDR, "-j", "ACCEPT"}},
|
|
99
|
100
|
}
|
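Review bot: The added `docker0` rule accepts every packet arriving on that bridge into the host's INPUT chain with no protocol or port match, so any container on the bridge can reach every service the node listens on; the reworded `TUN` rule above it is equally broad. If only specific node services are meant to be reachable, narrow the match with `-p` and `--dport`; otherwise record the trust decision above the entries, e.g. `// Pods and docker containers are trusted to reach all host-local services; tighten if the node exposes admin ports.` The interface name is also a string literal where the neighbouring rule uses the `TUN` constant, so a named constant or a configurable bridge name would stop the rule from silently not matching when Docker is started with a different bridge. The chain's default policy and the rest of the function are outside this hunk, so the effective exposure should be confirmed against them.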