http://bugzilla.suse.com/show_bug.cgi?id=1053231 http://bugzilla.suse.com/show_bug.cgi?id=1053231#c15 Rossella Sblendido <rsblendido@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |rsblendido@suse.com --- Comment #15 from Rossella Sblendido <rsblendido@suse.com> --- Docker 1.3 is adding the DROP rule for the FORWARD chain when net.ipv4.ip_forward is disabled [1]. This makes sense to me because if docker enables the ip forwarding, it should "protect" the host at least, otherwise it would exposed the host to vulnerabilities [2]. I don't think we need to prevent docker from adding the DROP rule if ip forwarding was not enabled, maybe we should just document to enable net.ipv4.ip_forward if that's what the user want to do ? [1] https://github.com/docker/libnetwork/pull/1526 [2] https://github.com/moby/moby/issues/14041 -- You are receiving this mail because: You are on the CC list for the bug.