Package: iptables
Version: 1.8.11-1
Severity: important
Dear Maintainer,
I have since downgraded to the trixie packages & dependencies to get myself
back up and running.
* What led up to the situation?
Upgraded my system, and any Docker containers that were on a bridge network
(created with docker network create) no longer had network access beyond
localhost.
* What exactly did you do (or not do) that was effective (or
ineffective)?
Downgraded to 1.8.10-4 from trixie
* What was the outcome of this action?
FORWARD rules for my created docker network were inserted after I downgraded
and restarted the docker systemd service.
* What outcome did you expect instead?
The checks to fail.

Essentially, when docker starts up, it seems to use the -C command of iptables
to check whether a rule has been inserted correctly. When I run what docker
runs manually

    iptables -v --wait -t filter -C FORWARD -i br-e52603214070 -o br-e52603214070 -j ACCEPT

with the verbose flag, it returns this rule:

    -A FORWARD -i docker0 -o docker0 -j ACCEPT

-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.11.6-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages iptables depends on:
ii libc6 2.40-3
ii libip4tc2 1.8.10-4+b1
ii libip6tc2 1.8.10-4+b1
ii libmnl0 1.0.5-3
ii libnetfilter-conntrack3 1.1.0-1
ii libnfnetlink0 1.0.2-3
ii libnftnl11 1.2.8-1
ii libxtables12 1.8.10-4+b1
ii netbase 6.4
Versions of packages iptables recommends:
ii nftables 1.1.1-1
Versions of packages iptables suggests:
pn firewalld <none>
ii kmod 33+20240816-2
-- no debconf information
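
The mismatch described in the report (iptables -C succeeding for a rule that is not in the chain) can be cross-checked against the `iptables -S` listing. The script below is an added example, not part of the original report and not code from iptables or Docker; the function names and the sample listing are constructed for illustration, and it assumes the rulespec is written in the form `iptables -S` prints.

```shell
#!/bin/sh
# Added example: cross-check an `iptables -C` verdict against `iptables -S`.
# Function names are hypothetical; the listing below is constructed sample data.

# Constructed sample: a FORWARD chain that holds only the docker0 rule.
SAMPLE_LISTING='-P FORWARD DROP
-A FORWARD -i docker0 -o docker0 -j ACCEPT'

# rule_in_listing CHAIN RULESPEC  (reads `iptables -S CHAIN` output on stdin)
# Succeeds only if some line is exactly "-A CHAIN RULESPEC".
# Assumption: RULESPEC is written in the same form that `iptables -S` prints.
rule_in_listing() {
    grep -Fxq -- "-A $1 $2"
}

# classify_check C_STATUS CHAIN RULESPEC  (listing on stdin)
# C_STATUS is the exit status of `iptables -C` (0 means "rule exists").
classify_check() {
    if rule_in_listing "$2" "$3"; then listed=0; else listed=1; fi
    case "$1:$listed" in
        0:0) echo consistent-present ;;
        0:1) echo false-positive ;;    # -C matched, but the rule is not listed
        *:0) echo false-negative ;;    # rule is listed, but -C did not match
        *)   echo consistent-absent ;;
    esac
}

# check_live CHAIN RULESPEC...  (needs root; queries the running ruleset)
check_live() {
    chain=$1; shift
    if iptables --wait -t filter -C "$chain" "$@" 2>/dev/null; then st=0; else st=1; fi
    iptables --wait -t filter -S "$chain" | classify_check "$st" "$chain" "$*"
}

# Offline demonstration with the interfaces named in the report.
printf '%s\n' "$SAMPLE_LISTING" |
    classify_check 0 FORWARD "-i br-e52603214070 -o br-e52603214070 -j ACCEPT"
```

On a live host, `check_live FORWARD -i br-e52603214070 -o br-e52603214070 -j ACCEPT` printing `false-positive` corresponds to the behaviour reported above.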