https://bugzilla.redhat.com/show_bug.cgi?id=1033606
--- Comment #5 from Marek Goldmann mgoldman@redhat.com ---
We have the following rules executed:
The systemd service (before docker starts):
/usr/sbin/sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1
And docker runs this on its own:
lis 26 10:43:15 mistress docker[11602]: [DEBUG] [iptables]: /usr/sbin/iptables, [-D FORWARD -i docker0 -o docker0 -j DROP]
lis 26 10:43:15 mistress docker[11602]: [DEBUG] [iptables]: /usr/sbin/iptables, [-C FORWARD -i docker0 -o docker0 -j ACCEPT]
lis 26 10:43:15 mistress docker[11602]: [DEBUG] [iptables]: /usr/sbin/iptables, [-t nat -D PREROUTING -m addrtype --dst-type LOCAL -j DOCKER]
lis 26 10:43:15 mistress docker[11602]: [DEBUG] [iptables]: /usr/sbin/iptables, [-t nat -D OUTPUT -m addrtype --dst-type LOCAL ! --dst 127.0.0.0/8 -j DOCKER]
lis 26 10:43:15 mistress docker[11602]: [DEBUG] [iptables]: /usr/sbin/iptables, [-t nat -D OUTPUT -m addrtype --dst-type LOCAL -j DOCKER]
lis 26 10:43:15 mistress docker[11602]: [DEBUG] [iptables]: /usr/sbin/iptables, [-t nat -D PREROUTING -j DOCKER]
lis 26 10:43:15 mistress docker[11602]: [DEBUG] [iptables]: /usr/sbin/iptables, [-t nat -D OUTPUT -j DOCKER]
lis 26 10:43:15 mistress docker[11602]: [DEBUG] [iptables]: /usr/sbin/iptables, [-t nat -F DOCKER]
lis 26 10:43:15 mistress docker[11602]: [DEBUG] [iptables]: /usr/sbin/iptables, [-t nat -X DOCKER]
lis 26 10:43:15 mistress docker[11602]: [DEBUG] [iptables]: /usr/sbin/iptables, [-t nat -N DOCKER]
lis 26 10:43:15 mistress docker[11602]: [DEBUG] [iptables]: /usr/sbin/iptables, [-t nat -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER]
lis 26 10:43:15 mistress docker[11602]: [DEBUG] [iptables]: /usr/sbin/iptables, [-t nat -A OUTPUT -m addrtype --dst-type LOCAL ! --dst 127.0.0.0/8 -j DOCKER]