OpenSUSE 15.3 用户在这里。我破坏了 docker 在 iptables 上创建的默认规则,不知道如何修复。我已经尝试重新安装 docker。以下是发生的情况:
vm-dev:~ # systemctl start docker
vm-dev:~ # tail /var/log/messages | grep firewalld
2022-04-21T00:53:25.607359-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t nat -D OUTPUT -m addrtype --dst-type LOCAL -j DOCKER' failed: iptables: No chain/target/match by that name.
2022-04-21T00:53:25.610567-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t nat -D PREROUTING' failed: iptables: Bad rule (does a matching rule exist in that chain?).
2022-04-21T00:53:25.614009-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t nat -D OUTPUT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
2022-04-21T00:53:25.646315-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER-ISOLATION' failed: iptables: No chain/target/match by that name.
2022-04-21T00:53:25.649905-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER-ISOLATION' failed: iptables: No chain/target/match by that name.
2022-04-21T00:53:25.705446-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching rule exist in that chain?).
2022-04-21T00:53:25.890988-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching rule exist in that chain?).
然后,每次我这样做firewall-cmd --reload,我都会得到:
2022-04-21T00:53:35.536326-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching rule exist in that chain?).
以下是来自评论的一些附加信息:
vm-dev:~ # iptables -t nat --list
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- anywhere !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 anywhere
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere
@4snok 要求的一些附加信息:
vm-dev:~ # find /etc/firewalld/ -name "*.xml"
/etc/firewalld/lockdown-whitelist.xml
/etc/firewalld/zones/public.xml
/etc/firewalld/zones/trusted.xml
/etc/firewalld/zones/docker.xml
vm-dev:~ # cat /etc/firewalld/zones/docker.xml
<?xml version="1.0" encoding="utf-8"?>
<zone version="1.0" target="ACCEPT">
<short>docker</short>
<description>zone for docker bridge network interfaces</description>
<interface name="docker0"/>
</zone>
我目前没有运行docker。事实上,我卸载了docker,/var/lib/docker完全删除,然后重新安装,错误仍然存在。docker0界面位于docker区域中firewalld。我没有看到任何特殊的东西。我需要做什么来修复这些错误?任何帮助都将不胜感激。