From 2fff6b442e9f39ea01bfd0f1078e220973ead8d5 Mon Sep 17 00:00:00 2001
From: Rob Murray <rob.murray@docker.com>
Date: Wed, 6 Aug 2025 16:43:36 +0100
Subject: [PATCH] check-config.sh: report IP forwarding sysctl state

Signed-off-by: Rob Murray <rob.murray@docker.com>
---
 contrib/check-config.sh | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/contrib/check-config.sh b/contrib/check-config.sh
index af7d8a7de5..3e910ae956 100755
--- a/contrib/check-config.sh
+++ b/contrib/check-config.sh
@@ -128,6 +128,16 @@ check_device() {
 	fi
 }
 
+check_sysctl() {
+	val=$(sysctl -n $1)
+	want=$2
+	if [ "$val" = "$want" ]; then
+		wrap_good "sysctl $1" "enabled"
+	else
+		wrap_bad "sysctl $1" "disabled"
+	fi
+}
+
 if [ ! -e "$CONFIG" ]; then
 	wrap_warning "warning: $CONFIG does not exist, searching other paths for kernel config ..."
 	for tryConfig in $possibleConfigs; do
@@ -343,6 +353,10 @@ if ! is_set EXT4_FS || ! is_set EXT4_FS_POSIX_ACL || ! is_set EXT4_FS_SECURITY;
 fi
 
 echo '- Network Drivers:'
+echo "  - \"$(wrap_color 'bridge' blue)\":"
+check_sysctl net.ipv4.ip_forward 1 | sed 's/^/    - /'
+check_sysctl net.ipv6.conf.all.forwarding 1 | sed 's/^/    - /'
+check_sysctl net.ipv6.conf.default.forwarding 1 | sed 's/^/    - /'
 echo "  - \"$(wrap_color 'overlay' blue)\":"
 check_flags VXLAN BRIDGE_VLAN_FILTERING | sed 's/^/    /'
 echo '      Optional (for encrypted networks):'