OpenSUSE 15.3 사용자는 여기에 있습니다. iptables에서 docker가 생성한 기본 규칙을 위반했으며 이를 복구하는 방법을 알 수 없습니다. 이미 도커를 다시 설치해 보았습니다. 일어나는 일은 다음과 같습니다.
vm-dev:~ # systemctl start docker
vm-dev:~ # tail /var/log/messages | grep firewalld
2022-04-21T00:53:25.607359-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t nat -D OUTPUT -m addrtype --dst-type LOCAL -j DOCKER' failed: iptables: No chain/target/match by that name.
2022-04-21T00:53:25.610567-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t nat -D PREROUTING' failed: iptables: Bad rule (does a matching rule exist in that chain?).
2022-04-21T00:53:25.614009-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t nat -D OUTPUT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
2022-04-21T00:53:25.646315-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER-ISOLATION' failed: iptables: No chain/target/match by that name.
2022-04-21T00:53:25.649905-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER-ISOLATION' failed: iptables: No chain/target/match by that name.
2022-04-21T00:53:25.705446-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching rule exist in that chain?).
2022-04-21T00:53:25.890988-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching rule exist in that chain?).
그러면 내가 할 때마다 다음과 같은 결과를 firewall-cmd --reload얻습니다.
2022-04-21T00:53:35.536326-04:00 vm-dev firewalld[19494]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching rule exist in that chain?).
다음은 의견의 추가 정보입니다.
vm-dev:~ # iptables -t nat --list
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- anywhere !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 anywhere
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere
@4snok이 요청한 추가 정보:
vm-dev:~ # find /etc/firewalld/ -name "*.xml"
/etc/firewalld/lockdown-whitelist.xml
/etc/firewalld/zones/public.xml
/etc/firewalld/zones/trusted.xml
/etc/firewalld/zones/docker.xml
vm-dev:~ # cat /etc/firewalld/zones/docker.xml
<?xml version="1.0" encoding="utf-8"?>
<zone version="1.0" target="ACCEPT">
<short>docker</short>
<description>zone for docker bridge network interfaces</description>
<interface name="docker0"/>
</zone>
현재 실행 중인 도커가 없습니다. 실제로 docker를 제거하고 /var/lib/docker완전히 삭제한 후 다시 설치했는데 오류가 계속 발생합니다. 인터페이스 는 의 영역 docker0에 있습니다 . 거기에는 특별한 것이 보이지 않습니다. 이러한 오류를 수정하려면 어떻게 해야 합니까? 어떤 도움이라도 주시면 감사하겠습니다.dockerfirewalld