Docker error: unable to add return rule in DOCKER-ISOLATION-STAGE-1 chain
Docker fails to start after a reinstall
INFO[2021-03-09T15:06:20.839195000+08:00] Loading containers: start.
INFO[2021-03-09T15:06:20.885624800+08:00] stopping event stream following graceful shutdown error="<nil>" module=libcontainerd namespace=moby
INFO[2021-03-09T15:06:20.885865900+08:00] stopping healthcheck following graceful shutdown module=libcontainerd
INFO[2021-03-09T15:06:20.886012400+08:00] stopping event stream following graceful shutdown error="context canceled" module=libcontainerd namespace=plugins.moby
failed to start daemon: Error initializing network controller: error obtaining controller instance: unable to add return rule in DOCKER-ISOLATION-STAGE-1 chain: (iptables failed: iptables --wait -A DOCKER-ISOLATION-STAGE-1 -j RETURN: iptables v1.8.7 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain DOCKER-ISOLATION-STAGE-1 (exit status 4))
Someone abroad who ran into the same problem explained it like this:
I noticed the iptables being used is a nftables version. Turns out, starting from version 20.10, Ubuntu switched the firewall system to nftables, like mentioned here; but unfortunately, using nftables natively requires Linux Kernel 5.8, where the latest Kernel version for WSL is 5.4. Fortunately, Ubuntu still has a legacy version of iptables kept in the system. To do it, you can simply use update-alternatives --config iptables to change it:
Fix:
$ sudo update-alternatives --config iptables
There are 2 choices for the alternative iptables (providing /usr/sbin/iptables).
Selection Path Priority Status
------------------------------------------------------------
* 0 /usr/sbin/iptables-nft 20 auto mode
1 /usr/sbin/iptables-legacy 10 manual mode
2 /usr/sbin/iptables-nft 20 manual mode
Press <enter> to keep the current choice[*], or type selection number: 1
update-alternatives: using /usr/sbin/iptables-legacy to provide /usr/sbin/iptables (iptables) in manual mode
Finally, restart the Docker service:
sudo systemctl restart docker
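The check behind the fix above, as an added example (not from the original post): parse the iptables backend and the kernel version the same way the explanation reasons, and only recommend switching to iptables-legacy when the nftables wrapper is paired with a kernel older than 5.8. The function names and the constructed version strings in the comments are my own.

```shell
#!/bin/sh
# Added example: decide whether this host needs iptables-legacy for dockerd.
# Docker's "unable to add return rule in DOCKER-ISOLATION-STAGE-1" error
# appears when iptables is the nf_tables wrapper on a kernel below 5.8.

# iptables_backend "<iptables --version output>" -> legacy | nf_tables | unknown
# e.g. "iptables v1.8.7 (nf_tables)" -> nf_tables
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# kernel_supports_nft "<uname -r output>" -> exit 0 if major.minor >= 5.8
# e.g. "5.4.72-microsoft-standard-WSL2" -> 5.4 -> exit 1
kernel_supports_nft() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    minor=${minor%%-*}
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 8 ]; }
}

# needs_legacy "<iptables --version>" "<uname -r>" -> exit 0 when you should
# run "update-alternatives --config iptables" and pick iptables-legacy
needs_legacy() {
    backend=$(iptables_backend "$1")
    [ "$backend" = nf_tables ] && ! kernel_supports_nft "$2"
}

# Live check against the current host (only runs when iptables is installed).
check_host() {
    ver=$(iptables --version 2>/dev/null)
    krn=$(uname -r)
    if needs_legacy "$ver" "$krn"; then
        echo "kernel $krn with $(iptables_backend "$ver") iptables: select iptables-legacy, then restart docker"
    else
        echo "no change needed (backend: $(iptables_backend "$ver"), kernel: $krn)"
    fi
}

command -v iptables >/dev/null 2>&1 && check_host
```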