A little refactor of the ./pkg/log so engine can have a logger instance
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Upstream-commit: 92df943fbf225d78b160babb36e9c6fd38cdc0d0
Component: engine
If iptables version is < 1.4.11, try to delete the rule vs. checking if it exists. Fixes#6831.
Docker-DCO-1.1-Signed-off-by: Jessica Frazelle <jfrazelle@users.noreply.github.com> (github: jfrazelle)
Upstream-commit: f3a68ffa390fb851115c77783fa4031f1d3b2995
Component: engine
Hairpin NAT is currently done by passing through the docker server. If
two containers on the same box try to access each other through exposed
ports and using the host IP the current iptables rules will not match the
DNAT and thus the traffic goes to 'docker -d'
This change drops the restriction that DNAT traffic must not originate
from docker0. It should be safe to drop this restriction because the
DOCKER chain is already gated by jumps that check for the destination
address to be a local address.
Docker-DCO-1.1-Signed-off-by: Darren Shepherd <darren.s.shepherd@gmail.com> (github: ibuildthecloud)
Upstream-commit: b39d02b611f1cc0af283f417b73bf0d36f26277a
Component: engine
Allow publicly mapped ports to be made public beyond the host. This is
needed for distros like Fedora and RHEL which have a reject all rule at
the end of their FORWARD table.
Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
Upstream-commit: db250f709ad5bcee313710d34e0b6ef02abdc326
Component: engine
