https://bugzilla.redhat.com/show_bug.cgi?id=1033606
--- Comment #21 from Josh Poimboeuf jpoimboe@redhat.com ---
(In reply to Marek Goldmann from comment #16)
> Thanks Josh!
>
> It looks like the iptables rules creation in docker is wrong. It assumes that the bridge interface is started every time. I created a patch which can be found here: https://github.com/goldmann/docker/commit/0ff9bc1be3ae044107732c605986a0af20220134
AFAICT, the FORWARD rules only need to be created once, at bridge creation time. The bridge device and the FORWARD rules are never removed. They can then be re-used if the docker daemon exits and restarts.
It seems like somebody is either a) creating the bridge without creating the rules or b) removing the rules without removing the bridge. I still don't understand what's happening here.
That said, the patch itself looks fine to me. And it might be a good idea anyway, to make sure the rules are always correct.