
Problem with iptables and Docker - not clean rules after stop/remove containers from stack

Postby wolvverine » Sun Oct 10, 2021 4:30 am

Ticket: #43381
Problem with iptables and Docker - not clean rules after stop/remove containers from stack

Some errors from the logs when starting/stopping Docker:

"WARN[2021-10-04T23:26:41.987687619+02:00] Running modprobe bridge br_netfilter failed with message: modprobe: invalid option -- 'a'
BusyBox v1.31.1 (2021-08-30 23:57:59 CST) multi-call binary.

Usage: modprobe [-rq] MODULE [SYMBOL=VALUE]...

-r Remove MODULE
-q Quiet
, error: exit status 1"

The modprobe command in ADM does not have this modprobe option:
-a, --all
Insert all module names on the command line.

Example:

# modprobe -a bridge br_netfilter
modprobe: invalid option -- 'a'
BusyBox v1.31.1 (2021-08-30 23:57:59 CST) multi-call binary.

Usage: modprobe [-rq] MODULE [SYMBOL=VALUE]...

-r Remove MODULE
-q Quiet



# modprobe --all bridge br_netfilter
modprobe: unrecognized option '--all'
BusyBox v1.31.1 (2021-08-30 23:57:59 CST) multi-call binary.

Usage: modprobe [-rq] MODULE [SYMBOL=VALUE]...

-r Remove MODULE
-q Quiet



"WARN[2021-10-04T23:26:42.022771064+02:00] Failed to find ip6tables: exec: "ip6tables": executable file not found in $PATH"

ADM does not have the ip6tables command.

How to test:
Log in to the root console and save the output of:
iptables -S

Redeploy, stop and start the stack in Portainer a few times, for example:

https://github.com/Wolvverine/internet- ... ompose.yml

and result:

...
-A DOCKER -d 172.20.0.4/32 ! -i br-3e1a7e7fee54 -o br-3e1a7e7fee54 -p tcp -m tcp --dport 3000 -j ACCEPT
-A DOCKER -d 172.20.0.2/32 ! -i br-3e1a7e7fee54 -o br-3e1a7e7fee54 -p tcp -m tcp --dport 9097 -j ACCEPT
-A DOCKER -d 172.20.0.3/32 ! -i br-3e1a7e7fee54 -o br-3e1a7e7fee54 -p tcp -m tcp --dport 9798 -j ACCEPT
-A DOCKER -d 172.20.0.5/32 ! -i br-3e1a7e7fee54 -o br-3e1a7e7fee54 -p tcp -m tcp --dport 9115 -j ACCEPT
-A DOCKER -d 172.20.0.6/32 ! -i br-3e1a7e7fee54 -o br-3e1a7e7fee54 -p tcp -m tcp --dport 9100 -j ACCEPT
-A DOCKER -d 172.19.0.2/32 ! -i br-aa0d50a6092c -o br-aa0d50a6092c -p tcp -m tcp --dport 9710 -j ACCEPT
-A DOCKER -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9117 -j ACCEPT
-A DOCKER -d 172.22.0.2/32 ! -i br-5b1a513c3aec -o br-5b1a513c3aec -p tcp -m tcp --dport 3000 -j ACCEPT
-A DOCKER -d 172.19.0.2/32 ! -i br-5fa73e8688b2 -o br-5fa73e8688b2 -p tcp -m tcp --dport 9710 -j ACCEPT
-A DOCKER -d 172.20.0.2/32 ! -i br-bb3cacfc58e8 -o br-bb3cacfc58e8 -p tcp -m tcp --dport 9100 -j ACCEPT
-A DOCKER -d 172.20.0.3/32 ! -i br-bb3cacfc58e8 -o br-bb3cacfc58e8 -p tcp -m tcp --dport 9115 -j ACCEPT
-A DOCKER -d 172.20.0.4/32 ! -i br-bb3cacfc58e8 -o br-bb3cacfc58e8 -p tcp -m tcp --dport 9798 -j ACCEPT
-A DOCKER -d 172.20.0.5/32 ! -i br-bb3cacfc58e8 -o br-bb3cacfc58e8 -p tcp -m tcp --dport 9097 -j ACCEPT
-A DOCKER -d 172.20.0.6/32 ! -i br-bb3cacfc58e8 -o br-bb3cacfc58e8 -p tcp -m tcp --dport 3000 -j ACCEPT
-A DOCKER -d 172.22.0.2/32 ! -i br-f7758c8405cd -o br-f7758c8405cd -p tcp -m tcp --dport 3000 -j ACCEPT
-A DOCKER -d 172.23.0.2/32 ! -i br-68ec6ef1c805 -o br-68ec6ef1c805 -p tcp -m tcp --dport 9100 -j ACCEPT
-A DOCKER -d 172.23.0.3/32 ! -i br-68ec6ef1c805 -o br-68ec6ef1c805 -p tcp -m tcp --dport 9798 -j ACCEPT
-A DOCKER -d 172.23.0.4/32 ! -i br-68ec6ef1c805 -o br-68ec6ef1c805 -p tcp -m tcp --dport 9115 -j ACCEPT
-A DOCKER -d 172.23.0.5/32 ! -i br-68ec6ef1c805 -o br-68ec6ef1c805 -p tcp -m tcp --dport 9097 -j ACCEPT
-A DOCKER -d 172.23.0.6/32 ! -i br-68ec6ef1c805 -o br-68ec6ef1c805 -p tcp -m tcp --dport 3000 -j ACCEPT
...



The same situation with Portainer and Docker-Compose.
wolvverine
 
Posts: 20
Joined: Tue Dec 12, 2017 5:36 pm
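
The comparison that the test steps in the post above lead to, written out as an added example that is not part of the original posts: it flags DOCKER-chain ACCEPT rules whose bridge interface no longer exists on the host. The function names, the two header lines in the sample and the list of surviving interfaces are assumptions made for illustration; the five rules are copied from the output above.

```shell
#!/bin/sh
# Added example, not from the thread: flag DOCKER-chain rules left behind
# for bridge interfaces that no longer exist on the host.

# Interfaces currently present, one per line.
live_interfaces() { ls /sys/class/net; }

# stale_docker_rules "LIVE_IFACES" < output of iptables -S
# Prints each "-A DOCKER" rule whose -o interface is not in LIVE_IFACES.
stale_docker_rules() {
    LIVE="$1" awk '
        BEGIN {
            n = split(ENVIRON["LIVE"], names)
            for (i = 1; i <= n; i++) present[names[i]] = 1
        }
        $1 == "-A" && $2 == "DOCKER" {
            for (i = 3; i < NF; i++)
                if ($i == "-o") {
                    if (!($(i + 1) in present)) print
                    break
                }
        }'
}

# Prints "<rule count> <interface>" for every missing bridge, sorted by name.
stale_bridge_summary() {
    stale_docker_rules "$1" |
        awk '{ for (i = 3; i < NF; i++) if ($i == "-o") c[$(i + 1)]++ }
             END { for (b in c) print c[b], b }' | sort -k2
}

# Rewrites stale rules as iptables -D commands for review; executes nothing.
delete_commands() { stale_docker_rules "$1" | sed 's/^-A /iptables -D /'; }

# Rules copied from the output above, plus two constructed header lines.
SAMPLE_RULES='-P FORWARD DROP
-N DOCKER
-A DOCKER -d 172.20.0.4/32 ! -i br-3e1a7e7fee54 -o br-3e1a7e7fee54 -p tcp -m tcp --dport 3000 -j ACCEPT
-A DOCKER -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9117 -j ACCEPT
-A DOCKER -d 172.20.0.2/32 ! -i br-bb3cacfc58e8 -o br-bb3cacfc58e8 -p tcp -m tcp --dport 9100 -j ACCEPT
-A DOCKER -d 172.20.0.6/32 ! -i br-bb3cacfc58e8 -o br-bb3cacfc58e8 -p tcp -m tcp --dport 3000 -j ACCEPT
-A DOCKER -d 172.23.0.6/32 ! -i br-68ec6ef1c805 -o br-68ec6ef1c805 -p tcp -m tcp --dport 3000 -j ACCEPT'
# Constructed assumption: only these interfaces still exist on the host.
SAMPLE_LIVE='lo eth0 docker0 br-68ec6ef1c805'

# Offline demo; on a real host: iptables -S | stale_bridge_summary "$(live_interfaces)"
printf '%s\n' "$SAMPLE_RULES" | stale_bridge_summary "$SAMPLE_LIVE"
```

The output of delete_commands is meant to be read before anything is run, and it covers only the filter-table rules that `iptables -S` prints.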

Re: Problem with iptables and Docker - not clean rules after stop/remove containers from stack

Postby OzCam » Wed Oct 13, 2021 12:38 am

I have had this too for Docker instances I start from the command line.
OzCam
 
Posts: 19
Joined: Thu Sep 09, 2021 6:16 pm

Re: Problem with iptables and Docker - not clean rules after stop/remove containers from stack

Postby wolvverine » Fri Oct 15, 2021 4:57 pm

Add a ticket in ASUSTOR support, with a link to Ticket: #43381
wolvverine
 
Posts: 20
Joined: Tue Dec 12, 2017 5:36 pm
