p4u1/docker-cli
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,758 Commits 2 Branches 295 Tags
6380330c31e9d9b414fec229dab65bb29b9cfc19
Commit Graph

9 Commits

Author SHA1 Message Date
Victor Vieux
54c61632f8 use stderr to debug iptables 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 5708aa62f36eadca5ada235ca05fddeb1510c1c6
Component: engine
 2014-05-30 19:39:42 +00:00
Giuseppe Mazzotta
ee4e3699c5 * do not consider iptables' output an error in case of xtables lock 
Docker-DCO-1.1-Signed-off-by: Giuseppe Mazzotta <gdm85@users.noreply.github.com> (github: gdm85)
Upstream-commit: 5e3b643ce6f43d02fc7fe88eba41d583044a2efd
Component: engine
 2014-05-29 15:57:29 +02:00
Michael Crosby
b33af77b2c Add check for iptables xlock support 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 034babf1753741184c1155a7346ecec86fc51e2c
Component: engine
 2014-05-23 14:18:50 -07:00
Michael Crosby
d002ab21b5 Add wait flag to iptables 
Fixes #1573
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: b315c380f4acd65cc0428009702f99a266f96c59
Component: engine
 2014-05-23 01:24:58 +00:00
Michael Crosby
6caf919b33 Revert "Support hairpin NAT without going through docker server" 
This reverts commit b39d02b611f1cc0af283f417b73bf0d36f26277a.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 63c303eecdbaf4dc7967fd51b82cd447c778cecc
Component: engine
 2014-04-09 11:55:08 +00:00
Darren Shepherd
410076baa7 Support hairpin NAT without going through docker server 
Hairpin NAT is currently done by passing through the docker server.  If
two containers on the same box try to access each other through exposed
ports and using the host IP the current iptables rules will not match the
DNAT and thus the traffic goes to 'docker -d'

This change drops the restriction that DNAT traffic must not originate
from docker0.  It should be safe to drop this restriction because the
DOCKER chain is already gated by jumps that check for the destination
address to be a local address.

Docker-DCO-1.1-Signed-off-by: Darren Shepherd <darren.s.shepherd@gmail.com> (github: ibuildthecloud)
Upstream-commit: b39d02b611f1cc0af283f417b73bf0d36f26277a
Component: engine
 2014-03-03 21:53:57 -07:00
Josh Poimboeuf
126d36548e iptables: use dest_addr and dest_port for public port FORWARD rule 
Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
Upstream-commit: ea63ade772445591e78b42a36fa0dcfffa4a9f1a
Component: engine
 2014-02-04 11:32:50 -06:00
Josh Poimboeuf
261cb491a3 network: add publicly mapped ports to FORWARD table 
Allow publicly mapped ports to be made public beyond the host.  This is
needed for distros like Fedora and RHEL which have a reject all rule at
the end of their FORWARD table.

Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
Upstream-commit: db250f709ad5bcee313710d34e0b6ef02abdc326
Component: engine
 2014-01-28 13:11:49 -06:00
Solomon Hykes
d5d32a285c Move utility package 'iptables' to pkg/iptables 
Upstream-commit: 7799ae27ca1dd85761f0595346a0dda15bbeda6c
Component: engine
 2014-01-06 15:41:24 -08:00