After recently running `pacman -Syu`, then installing some unrelated packages, on a computer running Arch Linux, exposing ports of a new container using `--publish` produces a strange error.
Here's an example of the error produced:
```
docker: Error response from daemon: driver failed programming external connectivity on endpoint bsp-devkit (7a47f30eaa0e104d6b9a7b75003a768e734182e20e057e51d33cca23da7dbf02): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 10809 -j DNAT --to-destination 172.17.0.2:10809 ! -i docker0: iptables v1.8.2 (legacy): unknown option "--dport"
Try `iptables -h' or 'iptables --help' for more information.
(exit status 2)).
```
Here's a Docker run command that's failing in this way:
```
docker run \
  --publish=2223:22 \
  --publish=8000:8000 \
  --publish=69:69/udp --publish=10809:10809 \
  --detach=true --privileged \
  --hostname=bsp-devkit --name=bsp-devkit \
  -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
  -v $MIRRORDIR:/home/devel/mirror \
  -it $IMAGE
```
This is very weird to me, because it seems like a regression caused by a newer version of iptables, but the iptables version has "legacy" written after it (so why would that version be updated with a breaking change?) and I also haven't found anyone else online asking about this specific error so I must have messed something up really badly.
The packages I installed included the hex editor Bless, but I don't remember if I installed anything else.
Additional Notes:
- I have never configured a firewall on this system
- This computer is on a VPN, but this hasn't been an issue before
Updates:
- Updating Docker does not fix the issue
- Downgrading the iptables package to v1.8.0 from the pacman cache doesn't fix it... iptables daemon doesn't seem to be running; logs say `/etc/iptables/iptables.rules` is missing
- The problem persists after creating `iptables.rules` and starting the daemon