Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Respect icc option for internal networks #1525

Merged
merged 1 commit into from
Nov 2, 2016
Merged

Respect icc option for internal networks #1525

merged 1 commit into from
Nov 2, 2016

Conversation

aboch
Copy link
Contributor

@aboch aboch commented Oct 28, 2016

Related to moby/moby#26724

$ docker network create --opt com.docker.network.bridge.enable_icc=false --internal nicc
a13d820de6c06810fa2797853faba7793bdf135f097c137fddd9c188b67ba1b3
$ 
$ docker run -d --name c1 --network nicc busybox top
fcbb2b8db5a54f64f99c68856a18a626e9fa00af4f3ce63aa1ff8cb875520d3b
$ docker run -d --name c2 --network nicc busybox top
89307983319a362170fb0922ad92444f7f3572b343699151e805d81beabccc7c
$ docker exec c1 ping -c 2 c2
^C
$ sudo iptables -nvL FORWARD
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    2   168 DOCKER-ISOLATION  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           
    2   168 DROP       all  --  br-a13d820de6c0 br-a13d820de6c0  0.0.0.0/0            0.0.0.0/0           <-- <--
$

Signed-off-by: Alessandro Boch aboch@docker.com

Signed-off-by: Alessandro Boch <aboch@docker.com>
@mrjana
Copy link
Contributor

mrjana commented Nov 2, 2016

LGTM

1 similar comment
@sanimej
Copy link

sanimej commented Nov 2, 2016

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants