Merge pull request #49525 from robmry/startup_ip6_disabled

Fix daemon startup on a no-IPv6 host
2026-01-11 10:41:43 +00:00 · 2025-02-24 20:51:10 +00:00
parent cd0ceff232 8cc4d1d4a2
commit f344ab14b3
1 changed files with 16 additions and 7 deletions
--- a/libnetwork/drivers/bridge/bridge_linux.go
+++ b/libnetwork/drivers/bridge/bridge_linux.go
@@ -466,8 +466,8 @@ func (n *bridgeNetwork) getEndpoint(eid string) (*bridgeEndpoint, error) {
 	return nil, nil
 }

-// Install/Removes the iptables rules needed to isolate this network
-// from each of the other networks
+// Install (enable=true) or remove (enable=false) the iptables rules needed to isolate this network
+// from each of the other bridge networks
 func (n *bridgeNetwork) isolateNetwork(enable bool) error {
 	n.Lock()
 	thisConfig := n.config
@@ -477,15 +477,24 @@ func (n *bridgeNetwork) isolateNetwork(enable bool) error {
 		return nil
 	}

-	// Install the rules to isolate this network against each of the other networks
 	if n.driver.config.EnableIPTables {
-		if err := setINC(iptables.IPv4, thisConfig.BridgeName, thisConfig.GwModeIPv4, enable); err != nil {
-			return err
+		// Only create the rules if the network has IPv4 enabled. But, always delete
+		// rules, in case they were set up by an older daemon that didn't check whether
+		// the network has IPv4.
+		if !enable || thisConfig.EnableIPv4 {
+			if err := setINC(iptables.IPv4, thisConfig.BridgeName, thisConfig.GwModeIPv4, enable); err != nil {
+				return err
+			}
 		}
 	}
 	if n.driver.config.EnableIP6Tables {
-		if err := setINC(iptables.IPv6, thisConfig.BridgeName, thisConfig.GwModeIPv6, enable); err != nil {
-			return err
+		// Only create the rules if the network has IPv6 enabled. But, always delete
+		// rules, in case they were set up by an older daemon that didn't check whether
+		// the network has IPv6.
+		if !enable || thisConfig.EnableIPv6 {
+			if err := setINC(iptables.IPv6, thisConfig.BridgeName, thisConfig.GwModeIPv6, enable); err != nil {
+				return err
+			}
 		}
 	}