While troubleshooting why my GitLab-CI jobs were failing, I discovered that iptables-persistent was messing up Docker iptables rules.
It appears to me that the iptables-persistent init script is run after the Docker service is started. That causes the iptables rules that Docker implements to be overwritten.
I use an Ansible template to set my /etc/iptables/rules.v4 file. Are Docker’s iptables rules always going to be the same? As in, can I save the iptables state after restarting Docker and add the Docker-related rules to my Ansible configuration?
Can systemd detect that the rules are gone and initiate a restart?
Could I make Docker wait until after iptables-persistent has run to start? What if iptables-persistent is restarted; can Docker’s systemd service detect that and restart as well?
Does anyone have any other ideas on how to solve this? Well, other than switching OSes.
    root@stagingtest:/etc/iptables# docker --version
    Docker version 17.05.0-ce, build 89658be
    root@stagingtest:/etc/iptables# cat /etc/lsb-release
    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=14.04
    DISTRIB_CODENAME=trusty
    DISTRIB_DESCRIPTION="Ubuntu 14.04.5 LTS"
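The "can something detect that the rules are gone?" part of the question can be answered with a small check over `iptables-save` output. The script below is an added example and is not part of the original post or of Docker or iptables-persistent. It assumes the baseline objects Docker 17.05 creates when it starts: a `DOCKER` chain in both the filter and nat tables, a `DOCKER-ISOLATION` chain in filter, a jump from `FORWARD` to `DOCKER`, and a jump from nat `PREROUTING` to `DOCKER` (later Docker releases rename and add chains, so the names are version-specific). Per-container rules are added and removed dynamically and are deliberately not checked. The two dumps are constructed samples; in real use you would feed `iptables-save` to `docker_rules_present` from a cron job or watchdog and restart Docker when it fails, as `ensure_docker_rules` sketches.

```shell
#!/bin/sh
# Added example (not from the original post): detect whether Docker's
# baseline iptables chains are still present in an iptables-save dump,
# i.e. whether something like iptables-persistent has replaced them.
#
# Assumptions (Docker 17.05 defaults; chain names differ in newer versions):
#   filter: chains DOCKER and DOCKER-ISOLATION, rule "-A FORWARD ... -j DOCKER"
#   nat:    chain DOCKER, rule "-A PREROUTING ... -j DOCKER"

# Extract the body of one table ("*name" ... "COMMIT") from an iptables-save dump.
table_section() {   # $1 = table name, dump on stdin
    awk -v t="$1" '$0 == "*" t {p=1; next} /^COMMIT/ {p=0} p'
}

# Returns 0 if all baseline Docker chains/jumps exist, 1 otherwise.
docker_rules_present() {   # iptables-save output on stdin
    dump=$(cat)
    filter=$(printf '%s\n' "$dump" | table_section filter)
    nat=$(printf '%s\n' "$dump" | table_section nat)

    printf '%s\n' "$filter" | grep -q '^:DOCKER '                 || return 1
    printf '%s\n' "$filter" | grep -q '^:DOCKER-ISOLATION '       || return 1
    printf '%s\n' "$filter" | grep -q '^-A FORWARD .*-j DOCKER$'  || return 1
    printf '%s\n' "$nat"    | grep -q '^:DOCKER '                 || return 1
    printf '%s\n' "$nat"    | grep -q '^-A PREROUTING .*-j DOCKER$' || return 1
    return 0
}

# What a watchdog would run on the host (assumed restart command; not run here).
ensure_docker_rules() {
    iptables-save | docker_rules_present || service docker restart
}

# Constructed sample: host with Docker 17.05 running and no containers.
make_sample_with_docker() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
:DOCKER-ISOLATION - [0:0]
-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION -j RETURN
COMMIT
EOF
}

# Constructed sample: the same host after a hand-written rules.v4 was restored
# by iptables-persistent, wiping the Docker chains.
make_sample_flushed() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Demo on the constructed samples.
make_sample_with_docker | docker_rules_present && echo "sample 1: Docker chains present"
make_sample_flushed | docker_rules_present || echo "sample 2: Docker chains missing, restart needed"
```

Because the check only looks at chains and jumps Docker creates at daemon start, it stays valid no matter which containers are up; a dump taken from a running host would be fed through `docker_rules_present` exactly as the samples are.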