JDA changed bug 1233690
What | Removed | Added
CC   |         | jda82@vicious-gaming.de

Comment # 1 on bug 1233690 from JDA
I am also affected by this issue.
This seems to be caused by docker being unable to set all required
IPTables-Rules, especially in the FORWARD table.
If I save the rules before the upgrade and restore after, everything works fine
(until I change something).

If I just restart the machine after an upgrade, rules are missing and the
DROP-Counter of the FORWARD-Chain increases.

I run a non-trivial Docker setup with multiple networks, especially an "ingress"
external network for traefik, which is used in most of my docker-compose
stacks.
After a failed upgrade most of the FORWARD rules for interfaces other than
docker0 are missing. 

This does not seem to be caused by docker or runc but by iptables / nftables
/ xtables.
After downgrading those, everything started working again.

Working versions for me: 
- iptables-1.8.10-3.1
- iptables-backend-nft-1.8.10-3.1
- nftables-1.1.1-1.1
- libnftables1-1.1.1-1.1
- libxtables12-1.8.10-3.1
- xtables-plugins-1.8.10-3.1

This is on Tumbleweed 20241125 with docker-stable 24.0.9_ce-2.1 and runc
1.2.2-1.1.

