Docker IPTables and No-Chain Error

marc · March 6, 2018, 7:20pm

When Docker starts it registers a DOCKER chain into iptables to allow communication between ports exposed on the
containers it manages.

The iptables chain can be verified by running iptables -L

# iptables -L
...
Chain DOCKER (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:9879
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:9878
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:9877
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:9876
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:9875
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:9874
ACCEPT     tcp  --  anywhere             172.17.0.3           tcp dpt:8800

Chain DOCKER-ISOLATION (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere

During development if you delete the DOCKER chain or the iptables rules get dropped (e.g. by a restart of
firewalld) Docker will start logging iptables errors such as “failed programming external connectivity …
iptables: No chain/target/match by that name”.

To resolve simply restart Docker and the correct iptables rules will be created.

Topic		Replies	Views
Create network for container communication without exposing ports How do I? replicated-classic	7	323	August 7, 2022
Service unavailable for API route and version Troubleshooting replicated-classic	2	443	May 31, 2023
How can I prevent installs when a Preflight Check fails How do I? kots , troubleshoot	0	252	April 11, 2022
Private dockerhub registry: Failed to pull image Troubleshooting	10	3227	October 11, 2019
How Can I Conditionally Run a Preflight Check? How do I? kots , support-bundle , troubleshoot , pre-flights	1	402	November 30, 2022

Docker IPTables and No-Chain Error

Related Topics