make iptables rules management fail gracefully #797
Comments
Docs say that both chains are used by docker?
Agree on the last point.
Looks like the originally reported issue was captured on a system where
chains were manually screwed up. Will update this when I get more details.
As of now it seems when people install docker via apt/yum the docker chains
are not there. Maybe something like docker service is missing with such
installations, not sure.
…On Wed, 23 Feb 2022 at 12:07, Sergey ***@***.***> wrote:
Docs say that both chains are used by docker?
https://docs.docker.com/network/iptables/
Docker installs two custom iptables chains named DOCKER-USER and DOCKER,
and it ensures that incoming packets are always checked by these two chains
first.
All of Docker’s iptables rules are added to the DOCKER chain. Do not
manipulate this chain manually. If you need to add rules which load before
Docker’s rules, add them to the DOCKER-USER chain. These rules are applied
before any rules Docker creates automatically.
Agree on the last point.
Maybe docker/for-linux#810
Ok so docker-user first became available in 17.06
great. It is a miracle clab even worked with docker-1.13.1
Quite often users install docker via a package manager. Sometimes this results in docker being installed without docker-managed iptables rules in place.
We need to not stop deployment/destroy when iptables errors occur; instead we should emit a warning error and keep moving.
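One way to implement the warn-and-continue behaviour requested above, as an added example that is not the project's own code. The names `Runner`, `AllowBridge`, `Deploy` and `ErrChainUnavailable`, the rule shape, and the bridge name are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"log"
	"os/exec"
	"strings"
)

// Runner executes iptables; it is injected so the logic runs without root or iptables.
type Runner func(args ...string) ([]byte, error)

// ErrChainUnavailable marks the non-fatal case: DOCKER-USER could not be listed.
var ErrChainUnavailable = errors.New("DOCKER-USER chain unavailable")

// execIptables is the real runner; -w waits for the xtables lock.
func execIptables(args ...string) ([]byte, error) {
	return exec.Command("iptables", append([]string{"-w"}, args...)...).CombinedOutput()
}

// AllowBridge inserts an ACCEPT rule for traffic leaving via bridge (hypothetical
// rule shape) into DOCKER-USER, the chain Docker's docs reserve for user rules.
func AllowBridge(run Runner, bridge string) error {
	if out, err := run("-S", "DOCKER-USER"); err != nil {
		return fmt.Errorf("%w: %s", ErrChainUnavailable, strings.TrimSpace(string(out)))
	}
	rule := []string{"DOCKER-USER", "-o", bridge, "-j", "ACCEPT"}
	if _, err := run(append([]string{"-C"}, rule...)...); err == nil {
		return nil // rule already present, nothing to do
	}
	if out, err := run(append([]string{"-I"}, rule...)...); err != nil {
		return fmt.Errorf("iptables insert failed: %s: %w", strings.TrimSpace(string(out)), err)
	}
	return nil
}

// Deploy shows the graceful path: an iptables failure is logged as a warning
// and returned for inspection, but deployment is still reported as done.
func Deploy(run Runner, bridge string) (bool, error) {
	err := AllowBridge(run, bridge)
	if err != nil {
		log.Printf("WARN: iptables rules not installed for %s: %v", bridge, err)
	}
	// remaining deployment steps (hypothetical) run here regardless
	return true, err
}

func main() { Deploy(execIptables, "br-example") } // constructed bridge name
```

When the warning fires, the host has no DOCKER-USER rule for the bridge, so the log line should say which bridge was skipped so an operator can check forwarding on that host.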