--- Comment #21 from Josh Poimboeuf <jpoimboe(a)redhat.com> ---
(In reply to Marek Goldmann from comment #16)
It looks like the iptables rules creation in docker is wrong. It assumes
that the bridge interface is started every time. I created a patch which can
be found here:
AFAICT, the FORWARD rules only need to be created once, at bridge creation
time. The bridge device and the FORWARD rules are never removed. They can
then be re-used if the docker daemon exits and restarts.
It seems like somebody is either a) creating the bridge without creating the
rules or b) removing the rules without removing the bridge. I still don't
understand what's happening here.
That said, the patch itself looks fine to me. And it might be a good idea
anyway, to make sure the rules are always correct.
You are receiving this mail because:
You are on the CC list for the bug.