Add DOCKER_IPTABLES_LEGACY for letting users explicitly pick `iptab…
…les-legacy`

via `--env DOCKER_IPTABLES_LEGACY=1`
tianon committed Dec 19, 2023
1 parent 0019fcc commit adfaf30
Showing 3 changed files with 30 additions and 3 deletions.
11 changes: 10 additions & 1 deletion 24/dind/dockerd-entrypoint.sh

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

11 changes: 10 additions & 1 deletion 25-rc/dind/dockerd-entrypoint.sh

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

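--- a/dockerd-entrypoint.sh
+++ b/dockerd-entrypoint.sh
@@ -144,7 +144,15 @@ if [ "$1" = 'dockerd' ]; then
 set -- docker-init -- "$@"
 
 iptablesLegacy=
-if [ -s /proc/net/ip_tables_names ] || [ -s /proc/net/ip6_tables_names ] || [ -s /proc/net/arp_tables_names ]; then
+if [ -n "${DOCKER_IPTABLES_LEGACY+x}" ]; then
+# let users choose explicitly to legacy or not to legacy
+iptablesLegacy="$DOCKER_IPTABLES_LEGACY"
+if [ -n "$iptablesLegacy" ]; then
+modprobe ip_tables || :
+else
+modprobe nf_tables || :
+fi
+elif [ -s /proc/net/ip_tables_names ] || [ -s /proc/net/ip6_tables_names ] || [ -s /proc/net/arp_tables_names ]; then
 # https://git.netfilter.org/iptables/tree/iptables/nft-shared.c?id=f5cf76626d95d2c491a80288bccc160c53b44e88#n420
 # if we already have any "legacy" iptables rules, we should always use legacy (https://github.com/docker-library/docker/pull/468#discussion_r1430804593)
 iptablesLegacy=1
@@ -166,6 +174,7 @@ if [ "$1" = 'dockerd' ]; then
 # see https://github.com/docker-library/docker/issues/463 (and the dind Dockerfile where this directory is set up)
 export PATH="/usr/local/sbin/.iptables-legacy:$PATH"
 fi
+iptables --version # so users can see whether it's legacy or not
 
 uid="$(id -u)"
 if [ "$uid" != '0' ]; then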
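Review bot: In the first hunk the override is tested with `[ -n "$iptablesLegacy" ]`, so any non-empty value selects the legacy backend, including `DOCKER_IPTABLES_LEGACY=0` or `=false`; only a set-but-empty variable picks nf_tables. An operator who sets `0` meaning "not legacy" would presumably end up with the container's rules managed through the legacy tables, out of sight of whoever audits the nftables ruleset. I would state the contract next to the assignment, e.g. `# any non-empty value (even "0") means legacy; set-but-empty means nf_tables`, or reject values other than `1` and empty with an error on stderr. Both `modprobe … || :` calls also discard failure, so the `iptables --version` line added in the second hunk is the only evidence of which backend is actually in use. The enclosing `if [ "$1" = 'dockerd' ]` block starts and ends outside both hunks.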
