Usuario de OpenSUSE 15.3 aquí. Rompí las reglas predeterminadas creadas por Docker en iptables y no sé cómo repararlo. Ya intenté reinstalar Docker. Esto es lo que sucede:
vm-dev:~ # systemctl start docker
vm-dev:~ # tail /var/log/messages | grep firewalld
2022-04-21T00:53:25.607359-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t nat -D OUTPUT -m addrtype --dst-type LOCAL -j DOCKER' failed: iptables: No chain/target/match by that name.
2022-04-21T00:53:25.610567-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t nat -D PREROUTING' failed: iptables: Bad rule (does a matching rule exist in that chain?).
2022-04-21T00:53:25.614009-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t nat -D OUTPUT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
2022-04-21T00:53:25.646315-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER-ISOLATION' failed: iptables: No chain/target/match by that name.
2022-04-21T00:53:25.649905-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER-ISOLATION' failed: iptables: No chain/target/match by that name.
2022-04-21T00:53:25.705446-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching rule exist in that chain?).
2022-04-21T00:53:25.890988-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Luego, cada vez que lo hago firewall-cmd --reload, obtengo:
2022-04-21T00:53:35.536326-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Aquí hay información adicional de los comentarios:
vm-dev:~ # iptables -t nat --list
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- anywhere !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 anywhere
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Alguna información adicional solicitada por @4snok:
vm-dev:~ # find /etc/firewalld/ -name "*.xml"
/etc/firewalld/lockdown-whitelist.xml
/etc/firewalld/zones/public.xml
/etc/firewalld/zones/trusted.xml
/etc/firewalld/zones/docker.xml
vm-dev:~ # cat /etc/firewalld/zones/docker.xml
<?xml version="1.0" encoding="utf-8"?>
<zone version="1.0" target="ACCEPT">
<short>docker</short>
<description>zone for docker bridge network interfaces</description>
<interface name="docker0"/>
</zone>
Actualmente no tengo ninguna ventana acoplable ejecutándose. De hecho, desinstalé Docker, lo eliminé /var/lib/dockerpor completo, luego lo reinstalé y los errores siguen presentes. La docker0interfaz está en la dockerzona en firewalld. No veo nada especial ahí. ¿Qué debo hacer para corregir estos errores? Cualquier ayuda sería apreciada.