Problem with iptables and Docker - not clean rules after stop/remove containers from stack

Just about everything is virtual these days. Topics relating to virtualization go here.

Moderator: Lillian.W@AST

wolvverine
Posts: 26
Joined: Tue Dec 12, 2017 5:36 pm

Post by wolvverine »

Ticket: #43381
Problem with iptables and Docker - not clean rules after stop/remove containers from stack

From the logs, some errors when starting/stopping Docker:

"WARN[2021-10-04T23:26:41.987687619+02:00] Running modprobe bridge br_netfilter failed with message: modprobe: invalid option -- 'a'
BusyBox v1.31.1 (2021-08-30 23:57:59 CST) multi-call binary.

Usage: modprobe [-rq] MODULE [SYMBOL=VALUE]...

-r Remove MODULE
-q Quiet
, error: exit status 1"

The modprobe command in ADM does not have this modprobe option:
-a, --all
Insert all module names on the command line.

example:

# modprobe -a bridge br_netfilter
modprobe: invalid option -- 'a'
BusyBox v1.31.1 (2021-08-30 23:57:59 CST) multi-call binary.

Usage: modprobe [-rq] MODULE [SYMBOL=VALUE]...

-r Remove MODULE
-q Quiet



# modprobe --all bridge br_netfilter
modprobe: unrecognized option '--all'
BusyBox v1.31.1 (2021-08-30 23:57:59 CST) multi-call binary.

Usage: modprobe [-rq] MODULE [SYMBOL=VALUE]...

-r Remove MODULE
-q Quiet



"WARN[2021-10-04T23:26:42.022771064+02:00] Failed to find ip6tables: exec: "ip6tables": executable file not found in $PATH"

ADM does not have the ip6tables command.

How to test:
Log in to the root console and save the output of:
iptables -S

Redeploy, stop, and start the stack in Portainer a few times, for example:

https://github.com/Wolvverine/internet- ... ompose.yml

and result:

...
-A DOCKER -d 172.20.0.4/32 ! -i br-3e1a7e7fee54 -o br-3e1a7e7fee54 -p tcp -m tcp --dport 3000 -j ACCEPT
-A DOCKER -d 172.20.0.2/32 ! -i br-3e1a7e7fee54 -o br-3e1a7e7fee54 -p tcp -m tcp --dport 9097 -j ACCEPT
-A DOCKER -d 172.20.0.3/32 ! -i br-3e1a7e7fee54 -o br-3e1a7e7fee54 -p tcp -m tcp --dport 9798 -j ACCEPT
-A DOCKER -d 172.20.0.5/32 ! -i br-3e1a7e7fee54 -o br-3e1a7e7fee54 -p tcp -m tcp --dport 9115 -j ACCEPT
-A DOCKER -d 172.20.0.6/32 ! -i br-3e1a7e7fee54 -o br-3e1a7e7fee54 -p tcp -m tcp --dport 9100 -j ACCEPT
-A DOCKER -d 172.19.0.2/32 ! -i br-aa0d50a6092c -o br-aa0d50a6092c -p tcp -m tcp --dport 9710 -j ACCEPT
-A DOCKER -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9117 -j ACCEPT
-A DOCKER -d 172.22.0.2/32 ! -i br-5b1a513c3aec -o br-5b1a513c3aec -p tcp -m tcp --dport 3000 -j ACCEPT
-A DOCKER -d 172.19.0.2/32 ! -i br-5fa73e8688b2 -o br-5fa73e8688b2 -p tcp -m tcp --dport 9710 -j ACCEPT
-A DOCKER -d 172.20.0.2/32 ! -i br-bb3cacfc58e8 -o br-bb3cacfc58e8 -p tcp -m tcp --dport 9100 -j ACCEPT
-A DOCKER -d 172.20.0.3/32 ! -i br-bb3cacfc58e8 -o br-bb3cacfc58e8 -p tcp -m tcp --dport 9115 -j ACCEPT
-A DOCKER -d 172.20.0.4/32 ! -i br-bb3cacfc58e8 -o br-bb3cacfc58e8 -p tcp -m tcp --dport 9798 -j ACCEPT
-A DOCKER -d 172.20.0.5/32 ! -i br-bb3cacfc58e8 -o br-bb3cacfc58e8 -p tcp -m tcp --dport 9097 -j ACCEPT
-A DOCKER -d 172.20.0.6/32 ! -i br-bb3cacfc58e8 -o br-bb3cacfc58e8 -p tcp -m tcp --dport 3000 -j ACCEPT
-A DOCKER -d 172.22.0.2/32 ! -i br-f7758c8405cd -o br-f7758c8405cd -p tcp -m tcp --dport 3000 -j ACCEPT
-A DOCKER -d 172.23.0.2/32 ! -i br-68ec6ef1c805 -o br-68ec6ef1c805 -p tcp -m tcp --dport 9100 -j ACCEPT
-A DOCKER -d 172.23.0.3/32 ! -i br-68ec6ef1c805 -o br-68ec6ef1c805 -p tcp -m tcp --dport 9798 -j ACCEPT
-A DOCKER -d 172.23.0.4/32 ! -i br-68ec6ef1c805 -o br-68ec6ef1c805 -p tcp -m tcp --dport 9115 -j ACCEPT
-A DOCKER -d 172.23.0.5/32 ! -i br-68ec6ef1c805 -o br-68ec6ef1c805 -p tcp -m tcp --dport 9097 -j ACCEPT
-A DOCKER -d 172.23.0.6/32 ! -i br-68ec6ef1c805 -o br-68ec6ef1c805 -p tcp -m tcp --dport 3000 -j ACCEPT
...

The same situation with Portainer and Docker-Compose.
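
Added example (not part of the original post, and not ASUSTOR or Docker code): a BusyBox-compatible way to automate the comparison described above, listing DOCKER-chain rules that still reference a bridge interface that no longer exists on the host. The function names are hypothetical, and the live-interface list in the demo is constructed on the assumption that br-3e1a7e7fee54 has been removed.

```shell
#!/bin/sh
# Find "-A DOCKER" rules left behind for bridges that no longer exist.
# Uses only sh + awk, so it also runs under BusyBox.

# stale_docker_rules RULES_FILE IFACES_FILE
#   RULES_FILE:  saved output of `iptables -S`
#   IFACES_FILE: one live interface name per line
# Prints each DOCKER-chain rule whose -i or -o interface is not live.
stale_docker_rules() {
    awk '
        FILENAME == ARGV[1] { if ($1 != "") live[$1] = 1; next }
        $1 == "-A" && $2 == "DOCKER" {
            for (i = 3; i < NF; i++) {
                ifc = $(i + 1)
                if (($i == "-i" || $i == "-o") && !(ifc in live)) {
                    print   # rule points at a bridge that is gone
                    break
                }
            }
        }
    ' "$2" "$1"
}

# Run against the live host (as root): the ruleset vs. /sys/class/net.
check_host() {
    d=$(mktemp -d)
    iptables -S > "$d/rules"
    ls /sys/class/net > "$d/ifaces"
    stale_docker_rules "$d/rules" "$d/ifaces"
    rm -rf "$d"
}

# Offline demo: three rules copied from the post above, plus a
# constructed list of live interfaces (br-3e1a7e7fee54 assumed removed).
demo() {
    d=$(mktemp -d)
    cat > "$d/rules" <<'EOF'
-A DOCKER -d 172.20.0.4/32 ! -i br-3e1a7e7fee54 -o br-3e1a7e7fee54 -p tcp -m tcp --dport 3000 -j ACCEPT
-A DOCKER -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9117 -j ACCEPT
-A DOCKER -d 172.20.0.6/32 ! -i br-bb3cacfc58e8 -o br-bb3cacfc58e8 -p tcp -m tcp --dport 3000 -j ACCEPT
EOF
    printf '%s\n' lo eth0 docker0 br-bb3cacfc58e8 > "$d/ifaces"
    stale_docker_rules "$d/rules" "$d/ifaces"
    rm -rf "$d"
}
```

Running `check_host` before and after a few redeploys shows whether the list of orphaned ACCEPT rules grows; each printed line can be reviewed before deleting it by hand with the matching `iptables -D` rule.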
OzCam
Posts: 19
Joined: Thu Sep 09, 2021 6:16 pm

Re: Problem with iptables and Docker - not clean rules after stop/remove containers from stack

Post by OzCam »

I have had this too for Docker instances I start from the command line.
wolvverine
Posts: 26
Joined: Tue Dec 12, 2017 5:36 pm

Re: Problem with iptables and Docker - not clean rules after stop/remove containers from stack

Post by wolvverine »

Add a ticket in ASUSTOR support, with a link to Ticket: #43381