What | Removed | Added |
---|---|---|
CC | rsblendido@suse.com |
Docker 1.3 is adding the DROP rule for the FORWARD chain when net.ipv4.ip_forward is disabled [1]. This makes sense to me because if Docker enables IP forwarding, it should at least "protect" the host, otherwise it would expose the host to vulnerabilities [2].

I don't think we need to prevent Docker from adding the DROP rule if IP forwarding was not enabled; maybe we should just document enabling net.ipv4.ip_forward if that's what the user wants to do?

[1] https://github.com/docker/libnetwork/pull/1526
[2] https://github.com/moby/moby/issues/14041
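
A host-side check for the situation this comment describes, as an added example that is not part of the bug report or of Docker's code. The function names are hypothetical, and the decision rule (the daemon sets the FORWARD policy to DROP only when it had to enable net.ipv4.ip_forward itself) is taken from the comment and [1].

```shell
#!/bin/sh
# Added example, not part of the bug report. Function names are hypothetical.

# persistent_ip_forward FILE...
# Value of net.ipv4.ip_forward left by the given sysctl config files when
# applied in the order given (last assignment wins); "unset" if none sets it.
persistent_ip_forward() {
    value=unset
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Accept "net.ipv4.ip_forward" and "net/ipv4/ip_forward" keys;
        # commented-out lines do not match because of the ^ anchor.
        v=$(sed -n -E 's,^[[:space:]]*net[./]ipv4[./]ip_forward[[:space:]]*=[[:space:]]*([01])[[:space:]]*$,\1,p' "$f" | tail -n 1)
        if [ -n "$v" ]; then value=$v; fi
    done
    printf '%s\n' "$value"
}

# forward_policy: read `iptables -S FORWARD` output on stdin, print the policy.
forward_policy() {
    awk '$1 == "-P" && $2 == "FORWARD" { print $3; found = 1; exit }
         END { if (!found) print "unknown" }'
}

# diagnose BOOT_VALUE POLICY
#   admin-managed    forwarding is enabled persistently, so the daemon finds it
#                    on at start and the policy is whatever the admin set
#   docker-set-drop  forwarding is not persistent and the policy is DROP: the
#                    state the comment describes; persist ip_forward=1 if the
#                    host is meant to route
#   no-drop          forwarding is not persistent and the policy is not DROP
diagnose() {
    if [ "$1" = 1 ]; then
        echo admin-managed
    elif [ "$2" = DROP ]; then
        echo docker-set-drop
    else
        echo no-drop
    fi
}

# Typical use on a host (iptables needs root):
#   diagnose "$(persistent_ip_forward /etc/sysctl.conf /etc/sysctl.d/*.conf)" \
#            "$(iptables -S FORWARD | forward_policy)"
```
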