// setupIPTables installs the iptables state for the bridge named in config:
// it resolves the bridge's IPv4 address, applies the rules through
// setupIPTablesInternal, creates DockerChain in the NAT and FILTER tables and
// hands the FILTER chain to portMapper.
//
// It returns IPTableCfgError when config.EnableIPTables is false, and a
// formatted error when any of the steps fails. The parameter i is not read
// here.
//
// NOTE(review): there is no rollback in this function. If a later step fails,
// whatever setupIPTablesInternal installed and the NAT chain created before
// the failure are left in place, so the host can end up with partially
// applied firewall state. Confirm that callers clean up or treat the error
// as fatal.
func setupIPTables(config *NetworkConfiguration, i *bridgeInterface) error {
	// Refuse to touch iptables unless the configuration enables it.
	if !config.EnableIPTables {
		return IPTableCfgError(config.BridgeName)
	}

	bridge := config.BridgeName
	// Hairpin mode is the negation of the userland-proxy setting.
	hairpin := !config.EnableUserlandProxy

	bridgeAddr, _, err := netutils.GetIfaceAddr(bridge)
	if err != nil {
		return fmt.Errorf("Failed to setup IP tables, cannot acquire Interface address: %s", err.Error())
	}

	// The final argument (true) is passed through unchanged from the original call.
	err = setupIPTablesInternal(bridge, bridgeAddr, config.EnableICC, config.EnableIPMasquerade, hairpin, true)
	if err != nil {
		return fmt.Errorf("Failed to Setup IP tables: %s", err.Error())
	}

	// The NAT chain handle is not needed here; only creation matters.
	if _, err = iptables.NewChain(DockerChain, bridge, iptables.Nat, hairpin); err != nil {
		return fmt.Errorf("Failed to create NAT chain: %s", err.Error())
	}

	filterChain, err := iptables.NewChain(DockerChain, bridge, iptables.Filter, hairpin)
	if err != nil {
		return fmt.Errorf("Failed to create FILTER chain: %s", err.Error())
	}

	portMapper.SetIptablesChain(filterChain)
	return nil
}
// setupIPChains creates DockerChain in the NAT table and then in the FILTER
// table, returning the two chains in that order.
//
// It returns an error when config.EnableIPTables is false or when either
// chain cannot be created. If the FILTER chain fails after the NAT chain was
// created, the NAT chain is removed again so that no half-built chain set is
// left behind; a failure of that removal is only logged as a warning.
//
// NOTE(review): the cleanup removes DockerChain from the NAT table without
// checking whether it already existed before this call. Confirm how NewChain
// treats an existing chain.
func setupIPChains(config *configuration) (*iptables.ChainInfo, *iptables.ChainInfo, error) {
	// Refuse to touch iptables unless the configuration enables it.
	if !config.EnableIPTables {
		return nil, nil, fmt.Errorf("Cannot create new chains, EnableIPTable is disabled")
	}

	// Hairpin mode is the negation of the userland-proxy setting.
	hairpin := !config.EnableUserlandProxy

	nat, err := iptables.NewChain(DockerChain, iptables.Nat, hairpin)
	if err != nil {
		return nil, nil, fmt.Errorf("Failed to create NAT chain: %s", err.Error())
	}

	filter, err := iptables.NewChain(DockerChain, iptables.Filter, hairpin)
	if err != nil {
		// Build the returned error first, then undo the NAT chain creation.
		failure := fmt.Errorf("Failed to create FILTER chain: %s", err.Error())
		if rmErr := iptables.RemoveExistingChain(DockerChain, iptables.Nat); rmErr != nil {
			logrus.Warnf("Failed on removing iptables NAT chain on cleanup: %v", rmErr)
		}
		return nil, nil, failure
	}

	return nat, filter, nil
}