containernetworking
diff --git a/‎Godeps/Godeps.json
Lines changed: 2 additions & 2 deletions b/‎Godeps/Godeps.json
Lines changed: 2 additions & 2 deletions
diff --git a/‎pkg/ip/ipmasq_linux.go
Lines changed: 9 additions & 2 deletions b/‎pkg/ip/ipmasq_linux.go
Lines changed: 9 additions & 2 deletions
diff --git a/‎plugins/main/ptp/README.md
Lines changed: 1 addition & 1 deletion b/‎plugins/main/ptp/README.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎vendor/github.com/coreos/go-iptables/iptables/iptables.go
Lines changed: 122 additions & 39 deletions b/‎vendor/github.com/coreos/go-iptables/iptables/iptables.go
Lines changed: 122 additions & 39 deletions
@@ -22,7 +22,7 @@ import (
 )
 
 // SetupIPMasq installs iptables rules to masquerade traffic
-// coming from ipn and going outside of it
+// coming from ip of ipn and going outside of ipn
 func SetupIPMasq(ipn *net.IPNet, chain string, comment string) error {
 	isV6 := ipn.IP.To4() == nil
 
@@ -70,7 +70,8 @@ func SetupIPMasq(ipn *net.IPNet, chain string, comment string) error {
 		return err
 	}
 
-	return ipt.AppendUnique("nat", "POSTROUTING", "-s", ipn.String(), "-j", chain, "-m", "comment", "--comment", comment)
+	// Packets from the specific IP of this network will hit the chain
+	return ipt.AppendUnique("nat", "POSTROUTING", "-s", ipn.IP.String(), "-j", chain, "-m", "comment", "--comment", comment)
 }
 
 // TeardownIPMasq undoes the effects of SetupIPMasq
@@ -89,6 +90,12 @@ func TeardownIPMasq(ipn *net.IPNet, chain string, comment string) error {
 		return fmt.Errorf("failed to locate iptables: %v", err)
 	}
 
+	err = ipt.Delete("nat", "POSTROUTING", "-s", ipn.IP.String(), "-j", chain, "-m", "comment", "--comment", comment)
+	if err != nil && !isNotExist(err) {
+		return err
+	}
+
+	// for downward compatibility
 	err = ipt.Delete("nat", "POSTROUTING", "-s", ipn.String(), "-j", chain, "-m", "comment", "--comment", comment)
 	if err != nil && !isNotExist(err) {
 		return err
 
@@ -26,7 +26,7 @@ The traffic of the container interface will be routed through the interface of t
 
 * `name` (string, required): the name of the network
 * `type` (string, required): "ptp"
-* `ipMasq` (boolean, optional): set up IP Masquerade on the host for traffic originating from this network and destined outside of it. Defaults to false.
+* `ipMasq` (boolean, optional): set up IP Masquerade on the host for traffic originating from ip of this network and destined outside of this network. Defaults to false.
 * `mtu` (integer, optional): explicitly set MTU to the specified value. Defaults to value chosen by the kernel.
 * `ipam` (dictionary, required): IPAM configuration to be used for this network.
 * `dns` (dictionary, optional): DNS information to return as described in the [Result](https://github.com/containernetworking/cni/blob/master/SPEC.md#result).