Running docker container : iptables: No chain/target/match by that name

野趣味 2021-01-30 04:20

I'm trying to run a container but I get the following issue:

Error response from daemon: Cannot start container b005715c40ea7d5821b15c44f5b7f902d4b39da7c83468f         


        
6 answers
  •  余生分开走
    2021-01-30 04:51

    The error may happen because it is trying to affect the iptables "DOCKER" filter chain, but it is not there.

    The option --iptables=false prevents docker from changing the iptables configuration.

    (Source: https://docs.docker.com/v17.09/engine/userguide/networking/default_network/container-communication/#communicating-to-the-outside-world)

    If you opt for fixing the iptables docker filter chain, here's how to.

    You can actually edit the iptables and add it, so that it looks like in the example here: "Docker: How to re-create dockers additional iptables rules?"

    Like this

    sudo vi /etc/sysconfig/iptables
    

    Add the ":DOCKER" lines

    *nat
    :PREROUTING ACCEPT [144:8072]
    :INPUT ACCEPT [87:5208]
    :OUTPUT ACCEPT [118:8055]
    :POSTROUTING ACCEPT [118:8055]
    :DOCKER - [0:0]
    ... your previous rules here ...
    -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
    -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
    -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
    COMMIT
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [5781:5099614]
    :DOCKER - [0:0]
    ... your previous rules here ...
    -A FORWARD -o docker0 -j DOCKER
    -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
    -A FORWARD -i docker0 -o docker0 -j ACCEPT
    COMMIT
    

    Restart... e.g.

    service iptables restart
    

    A good "further read" link where it is well explained

    https://medium.com/@ebuschini/iptables-and-docker-95e2496f0b45
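
Added example, not part of the answer above: a small check that reads a ruleset in the `iptables-save` format shown in the answer and reports every jump target that is neither a built-in target nor a chain declared in the same table, which is the condition behind "No chain/target/match by that name". The function names, the list of built-in targets and the sample ruleset are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Targets that are not user chains (assumed, non-exhaustive list).
BUILTIN_TARGETS="ACCEPT DROP REJECT RETURN LOG MASQUERADE SNAT DNAT REDIRECT QUEUE NFQUEUE MARK TCPMSS CONNMARK NOTRACK CT"

# Reads an iptables-save style ruleset on stdin and prints "table:chain"
# for every jump/goto target that is not declared in that table.
missing_chains() {
  awk -v builtins="$BUILTIN_TARGETS" '
    BEGIN { n = split(builtins, b, " "); for (i = 1; i <= n; i++) known[b[i]] = 1 }
    $1 ~ /^\*/ { table = substr($1, 2); next }                  # "*nat" opens a table
    $1 ~ /^:/  { declared[table ":" substr($1, 2)] = 1; next }  # ":DOCKER - [0:0]"
    $1 == "-A" || $1 == "-I" {
      for (i = 1; i < NF; i++)
        if ($i == "-j" || $i == "-g" || $i == "--jump" || $i == "--goto") {
          t = $(i + 1)
          if (!(t in known)) used[table ":" t] = 1
        }
    }
    # Checked at the end so declaration order in the file does not matter.
    END { for (k in used) if (!(k in declared)) print k }
  ' | sort
}

# Constructed sample: DOCKER is declared in *nat but missing from *filter.
sample_ruleset() {
  cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | missing_chains
```

On a host, the same function can be fed the saved file (`missing_chains < /etc/sysconfig/iptables`) or the live ruleset (`sudo iptables-save | missing_chains`) before restarting the iptables service.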
