From d2ff06e81d5f54e7610a5d30b266cc35cf78d6ba Mon Sep 17 00:00:00 2001
From: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
Date: Sat, 18 Feb 2017 00:33:48 +0100
Subject: [PATCH] Statically disable iptables management for docker

Docker 1.13 changes the behaviour of iptables defaults from allow
to drop. This patch disables docker's iptables management as it was
in Docker 1.12 [1]

[1] https://github.com/docker/docker/pull/28257

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
---
 inventory/group_vars/all.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index 606f226be..adb183361 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -195,7 +195,7 @@ docker_daemon_graph: "/var/lib/docker"
 ## This string should be exactly as you wish it to appear.
 ## An obvious use case is allowing insecure-registry access
 ## to self hosted registries like so:
-docker_options: "--insecure-registry={{ kube_service_addresses }} --graph={{ docker_daemon_graph }}"
+docker_options: "--insecure-registry={{ kube_service_addresses }} --graph={{ docker_daemon_graph }} --iptables=false"
 docker_bin_dir: "/usr/bin"
 
 ## Uncomment this if you want to force overlay/overlay2 as docker storage driver