extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-02-03 03:19:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Go back to generating docker0 rules when it is defined to Shorewall

Browse Source 
- Avoids issues after 'stop'

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-03-04 09:27:47 -08:00
parent 3fb715740d
commit 9e41264671
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Shorewall/Perl/Shorewall/Misc.pm
View File

@ -629,7 +629,6 @@ sub process_stoppedrules() {
}
sub create_docker_rules() {
add_commands( $nat_table->{PREROUTING} , '[ -n "$g_docker" ] && echo "-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER" >&3' );
add_commands( $nat_table->{OUTPUT} , '[ -n "$g_docker" ] && echo "-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER" >&3' );
@ -637,8 +636,16 @@ sub create_docker_rules() {
add_commands( $chainref, '[ -n "$g_dockernetwork" ] && echo "-A FORWARD -j DOCKER-ISOLATION" >&3', );
if ( known_interface('docker0') ) {
add_commands( $filter_table->{FORWARD}, '[ -n "$g_docker" ] && echo "-A FORWARD -o docker0 -j DOCKER" >&3' );
if ( my $dockerref = known_interface('docker0') ) {
add_commands( $chainref, 'if [ -n "$g_docker" ]; then' );
incr_cmd_level( $chainref );
add_ijump( $chainref, j => 'DOCKER', o => 'docker0' );
add_ijump( $chainref, j => 'ACCEPT', i => 'docker0', o => '! docker0' );
add_ijump( $chainref, j => 'ACCEPT', i => 'docker0', o => 'docker0' ) if $dockerref->{options}{routeback};
decr_cmd_level( $chainref );
add_commands( $chainref, 'fi' );
} else {
add_commands( $chainref, '[ -n "$g_docker" ] && echo "-A FORWARD -o docker0 -j DOCKER" >&3' );
}
add_commands( $chainref, '[ -f ${VARDIR}/.filter_FORWARD ] && cat $VARDIR/.filter_FORWARD >&3', );