/usr/share/gocode/src/github.com/docker/libnetwork/drivers/bridge/setup_ip_forwarding.go is in golang-github-docker-libnetwork-dev 0.8.0-dev.2+git20170202.599.45b4086-3.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
package bridge
import (
"fmt"
"io/ioutil"
"github.com/Sirupsen/logrus"
"github.com/docker/libnetwork/iptables"
)
// ipv4ForwardConf is the procfs path of the kernel's global IPv4 forwarding
// switch. Writing to it changes routing behaviour for the whole host, not
// only for the bridge being set up.
const ipv4ForwardConf = "/proc/sys/net/ipv4/ip_forward"

// ipv4ForwardConfPerm is the mode argument handed to ioutil.WriteFile.
// WriteFile applies the mode only when it has to create the file, so for an
// existing sysctl entry it is not expected to change the entry's permissions.
const ipv4ForwardConfPerm = 0644
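// configureIPForwarding switches kernel IPv4 forwarding on or off by writing
// "1\n" or "0\n" to ipv4ForwardConf. It returns the error from the write.
//
// The disable value has to be the ASCII digit '0'. Leaving the byte at its
// zero value would write a NUL character instead, which is not a valid
// integer for the sysctl and would make the disable path (used as a rollback
// by setupIPForwarding) unreliable, leaving forwarding switched on.
func configureIPForwarding(enable bool) error {
	val := byte('0')
	if enable {
		val = '1'
	}
	return ioutil.WriteFile(ipv4ForwardConf, []byte{val, '\n'}, ipv4ForwardConfPerm)
}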
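// setupIPForwarding makes sure IPv4 forwarding is enabled on the host.
//
// If forwarding is already on, nothing is changed: the FORWARD chain policy
// is left as the administrator configured it. If forwarding has to be turned
// on and enableIPTables is true, the default policy of the filter table's
// FORWARD chain is set to DROP, and the same policy is re-applied whenever
// iptables reports a firewall reload. With enableIPTables false, forwarding
// is enabled and the FORWARD policy is not touched, so restricting forwarded
// traffic is then up to the operator.
//
// It returns an error if the current setting cannot be read, if forwarding
// cannot be enabled, or if the DROP policy cannot be installed.
func setupIPForwarding(enableIPTables bool) error {
	// Get current IPv4 forward setup
	ipv4ForwardData, err := ioutil.ReadFile(ipv4ForwardConf)
	if err != nil {
		return fmt.Errorf("Cannot read IP forwarding setup: %v", err)
	}

	// Nothing to do when forwarding is already enabled. The length check
	// keeps an empty read from panicking on the index; an empty read is
	// treated as "not enabled".
	if len(ipv4ForwardData) > 0 && ipv4ForwardData[0] == '1' {
		return nil
	}

	// Enable IPv4 forwarding
	if err := configureIPForwarding(true); err != nil {
		return fmt.Errorf("Enabling IP forwarding failed: %v", err)
	}

	// When enabling ip_forward set the default policy on forward chain to
	// drop only if the daemon option iptables is not set to false.
	if !enableIPTables {
		return nil
	}

	if err := iptables.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil {
		// Roll back so the host is not left forwarding without the DROP
		// policy. A failed rollback is only logged; the caller still gets
		// the policy error, so the log line is the sole sign that
		// forwarding may remain enabled.
		if err := configureIPForwarding(false); err != nil {
			logrus.Errorf("Disabling IP forwarding failed, %v", err)
		}
		return err
	}

	// A firewall reload can reset chain policies, so re-apply DROP each time.
	// Failure here is logged as a warning and not retried.
	iptables.OnReloaded(func() {
		logrus.Debug("Setting the default DROP policy on firewall reload")
		if err := iptables.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil {
			logrus.Warnf("Settig the default DROP policy on firewall reload failed, %v", err)
		}
	})
	return nil
}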