What | Removed | Added |
---|---|---|
CC | jda82@vicious-gaming.de |
I am also affected by this issue. This seems to be caused by docker being unable to set all required IPTables-Rules, especially in the FORWARD table. If I save the rules before the upgrade and restore after, everything works fine (until I change something). If I just restart the machine after an upgrade, rules are missing and the DROP-Counter of the FORWARD-Chain increases.

I run a non-trivial Docker setup with multiple networks, especially an "ingress" external network for traefik, which is used in most of my docker-compose stacks. After a failed upgrade most of the FORWARD rules for interfaces other than docker0 are missing.

This does not seem to be caused by docker or runc but by iptables / nftables / xtables. After downgrading those everything started working again.

Working versions for me:

- iptables-1.8.10-3.1
- iptables-backend-nft-1.8.10-3.1
- nftables-1.1.1-1.1
- libnftables1-1.1.1-1.1
- libxtables12-1.8.10-3.1
- xtables-plugins-1.8.10-3.1

This is on tumbleweed 20241125 with docker-stable 24.0.9_ce-2.1 and runc 1.2.2-1.1.
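
One way to pinpoint which FORWARD rules went missing is to compare an `iptables-save` snapshot taken before the upgrade with one taken after it. This is an added example, not part of the original comment; both rulesets and the bridge name `br-ingress` are constructed.

```shell
#!/bin/sh
# Constructed sample: filter table as saved before the upgrade.
sample_before() {
cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -o br-ingress -j DOCKER
-A FORWARD -i br-ingress ! -o br-ingress -j ACCEPT
COMMIT
EOF
}

# Constructed sample: after the upgrade only the docker0 rules remain.
sample_after() {
cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
COMMIT
EOF
}

# Print FORWARD rules that are in snapshot $1 but not in snapshot $2.
missing_forward_rules() {
    grep -e '^-A FORWARD ' "$1" | grep -Fxv -f "$2" || true
}

# Print the interfaces (-i / -o) named by the missing rules, one per line.
affected_interfaces() {
    missing_forward_rules "$1" "$2" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "-i" || $i == "-o") print $(i + 1) }' |
        sort -u
}

tmp=$(mktemp -d)
sample_before > "$tmp/before.rules"   # on a real host: iptables-save > before.rules
sample_after  > "$tmp/after.rules"    # on a real host: iptables-save > after.rules
echo "Missing FORWARD rules:"
missing_forward_rules "$tmp/before.rules" "$tmp/after.rules"
echo "Affected interfaces:"
affected_interfaces "$tmp/before.rules" "$tmp/after.rules"
rm -rf "$tmp"
```

With a `DROP` policy on FORWARD, traffic for every interface this lists falls through to the policy, which matches the rising drop counter described above.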