Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Respect icc option for internal networks #1525

Merged
merged 1 commit into from
Nov 2, 2016
Merged

Respect icc option for internal networks #1525

merged 1 commit into from
Nov 2, 2016

Conversation

aboch
Copy link
Contributor

@aboch aboch commented Oct 28, 2016

Related to moby/moby#26724

$ docker network create --opt com.docker.network.bridge.enable_icc=false --internal nicc
a13d820de6c06810fa2797853faba7793bdf135f097c137fddd9c188b67ba1b3
$ 
$ docker run -d --name c1 --network nicc busybox top
fcbb2b8db5a54f64f99c68856a18a626e9fa00af4f3ce63aa1ff8cb875520d3b
$ docker run -d --name c2 --network nicc busybox top
89307983319a362170fb0922ad92444f7f3572b343699151e805d81beabccc7c
$ docker exec c1 ping -c 2 c2
^C
$ sudo iptables -nvL FORWARD
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    2   168 DOCKER-ISOLATION  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           
    2   168 DROP       all  --  br-a13d820de6c0 br-a13d820de6c0  0.0.0.0/0            0.0.0.0/0           <-- <--
$

Signed-off-by: Alessandro Boch aboch@docker.com

@aboch
Respect icc option for internal networks
59d91e5 
Signed-off-by: Alessandro Boch <aboch@docker.com>
@mrjana
Copy link
Contributor

mrjana commented Nov 2, 2016

LGTM

1 similar comment
@sanimej
Copy link

sanimej commented Nov 2, 2016

LGTM

@sanimej sanimej merged commit bac1f2f into moby:master Nov 2, 2016
@aboch aboch deleted the icc branch November 16, 2016 18:21
@diekmann diekmann mentioned this pull request Dec 5, 2016
Closed
@aboch aboch mentioned this pull request Dec 5, 2016
Merged
@vincentwoo vincentwoo mentioned this pull request Dec 13, 2016
Open
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
status/2-needs-code-review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@aboch @mrjana @sanimej @GordonTheTurtle