dockerdocker-composeubuntu-18.04

Docker-compose: must disable firewall and restart docker service when docker-compuse up

I start learning how to use Docker and docker-compose and everytime I reboot my computer, I got this message when I do a docker-compose up:

Creating network "dockerlemp_default" with the default driver

ERROR: Failed to program FILTER chain: iptables failed: iptables --wait -I FORWARD -o br-74bd0d3628e8 -j DOCKER: iptables v1.6.1: Couldn't load target `DOCKER':No such file or directory

Try `iptables -h' or 'iptables --help' for more information.

Once the firewall disabled by doing the command sudo ufw disable and once the docker service restarted by the command systemctl restart docker, I can up my docker-compose normally. But I have to do it everytime I reboot.

Can someone explain me what the issue is with the iptables and how to fix this definitely ? Thank you very much.

FYI, here is my setup:

Lenovo Ideapad 510S-08ISH - Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz

Ubuntu 18.04.3 LTS Bionic (window manager i3wm)

Docker 18.09.7

docker-compose 1.17.1

Solution

  • The last Docker versions do manipulate with iptables's rules in enough correct manner, even on Debian/Ubuntu (you don't use selinux, do you?). So this error means that some libs/configs are broken. Try the following steps:

    1. Check if chain DOCKER presents in iptables's rules (iptables --list-rules | grep '\-N\ DOCKER'). If it doesn't, then you can add the command iptables -N DOCKER to if-pre-up script (/etc/network/if-pre-up.d/iptables). It's just workaround, the better solution is to reinstall iptables and/or docker The latter depends on how you installed it. Maybe it makes sense to change the method (apt-get install docker.io instead wget -qO- https://get.docker.com/ | sh and vise versa). In that case don't forget to uninstall Docker first.
    2. If DOCKER chain presents, then check if you have iptables-restore command in if-pre-up script (usually /etc/network/if-pre-up.d/iptables). If yes, then try to re-create the source file for iptables-restore or even temprorary disable iptables-restore.
    3. Check your Docker configs (/etc/docker/daemon.json and /etc/default/docker). Perhaps some application has written some unwanted options there.