免重启解决docker No chain/target/match by that name 免重启解决方案
问题原因和基本思路
网上通用方案就是重启,然后通过docker的生命函数重新创建网桥,出现这个情况的原因就是因为iptables里面丢失了网桥配置,导致主机和容器网络不通,所以需要我们恢复网桥链接通过iptables,那么这个配置文件的重新载入就能实现
我们通过iptables -L -n | grep DOCKER ,可以看到如果没有证明docker的网桥配置丢失了那还搞个屁
【保存现在的配置】
iptables-save > my.ipt
#将这个内存的映射导出到当前目录
【查看配置】
vim my.ipt
查看文件如下,为了将原有配置跟docker配置合并所以需要下载原来的文件避免出现其它问题
#Generated by iptables-save v1.4.21 on Thu Feb 1 16:33:12 2024
*filter
:INPUT ACCEPT [106581789:28976139577]
:FORWARD ACCEPT [147087:8825220]
:OUTPUT ACCEPT [116406101:43593334612]
COMMIT
#Completed on Thu Feb 1 16:33:12 2024
#Generated by iptables-save v1.4.21 on Thu Feb 1 16:33:12 2024
*nat
:PREROUTING ACCEPT [207224:12269475]
:INPUT ACCEPT [89680:5216807]
:OUTPUT ACCEPT [763177:50807942]
:POSTROUTING ACCEPT [880721:57860610]
COMMIT
#Completed on Thu Feb 1 16:33:12 2024
Ps:*[表名就是]
【追加配置】
nat表增加:
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
filter表增加:
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
结果:
#Generated by iptables-save v1.4.21 on Thu Feb 1 16:33:12 2024
*filter
:INPUT ACCEPT [106581789:28976139577]
:FORWARD ACCEPT [147087:8825220]
:OUTPUT ACCEPT [116406101:43593334612]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
COMMIT
#Completed on Thu Feb 1 16:33:12 2024
#Generated by iptables-save v1.4.21 on Thu Feb 1 16:33:12 2024
*nat
:PREROUTING ACCEPT [207224:12269475]
:INPUT ACCEPT [89680:5216807]
:OUTPUT ACCEPT [763177:50807942]
:POSTROUTING ACCEPT [880721:57860610]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT
【重新载入配置】
iptables-restore < my.ipt
【查看结果】
iptables -L -n | grep DOCKER
