I’m trying to find the best way to restore the iptables rules that Docker creates (vis-a-vis nftables). I read that enabling live-restore would help with this, as long as we send a HUP to the docker daemon process. I can confirm that live-restore keeps our container running, but it does not appear to restore the firewall rules. Has anyone observed this?
OS Version/build: RedHat 9
App version: Docker 24.0.2 CE
Steps to reproduce:
- Enable live-restore in daemon.json
- Restart docker once to enable it
- Reload nftables (clears the Docker rules)
- Run "systemctl reload docker" or "/bin/kill -s SIGHUP <docker_pid>"
- Observe that the running containers remained running
- Check the output of "nft list ruleset" and observe that the Docker rules have not been recreated
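An added example for detecting the state described in this post; it is not code from the original post or from Docker. It parses the text of "nft list ruleset" (as iptables-nft exposes Docker's chains under the "ip filter" and "ip nat" tables) and reports which of Docker's chains are missing, so a monitoring job can alert or trigger a daemon restart after an nftables reload. The chain names are the ones Docker 24 installs; the two sample rulesets are constructed for this example, not captured from the poster's host.

```shell
#!/bin/sh
# Added example (not from the original post): detect whether Docker's iptables
# chains are still present in the nftables ruleset after an nftables reload.
# Chain names are Docker 24's own; sample rulesets below are constructed.

# Docker's chains in the "ip filter" table and in the "ip nat" table.
DOCKER_FILTER_CHAINS="DOCKER DOCKER-USER DOCKER-ISOLATION-STAGE-1 DOCKER-ISOLATION-STAGE-2"
DOCKER_NAT_CHAINS="DOCKER"

# Print the names of expected chains absent from one table.
# $1 = table name as nft prints it (filter/nat), $2 = ruleset text, rest = chain names.
# A chain counts as present when a `chain NAME {` line sits inside `table ip NAME {`.
missing_chains() {
    table="$1"; ruleset="$2"; shift 2
    # Extract the body of `table ip <table> { ... }`; a top-level "}" ends it.
    body=$(printf '%s\n' "$ruleset" | awk -v t="table ip $table {" '
        $0 == t { inside = 1; next }
        inside && $0 == "}" { inside = 0 }
        inside { print }')
    for chain in "$@"; do
        printf '%s\n' "$body" | grep -Eq "^[[:space:]]*chain \"?${chain}\"? \{" \
            || printf '%s\n' "$chain"
    done
}

# Return 0 when every Docker chain is present in both tables, 1 otherwise,
# printing one "missing <table>/<chain>" line per absent chain.
docker_rules_intact() {
    ruleset="$1"; ok=0
    for c in $(missing_chains filter "$ruleset" $DOCKER_FILTER_CHAINS); do
        echo "missing filter/$c"; ok=1
    done
    for c in $(missing_chains nat "$ruleset" $DOCKER_NAT_CHAINS); do
        echo "missing nat/$c"; ok=1
    done
    return $ok
}

# Constructed sample: ruleset with Docker's chains in place (trimmed).
SAMPLE_OK='table ip filter {
	chain FORWARD {
		type filter hook forward priority filter; policy drop;
		counter jump DOCKER-USER
		counter jump DOCKER-ISOLATION-STAGE-1
	}
	chain DOCKER {
	}
	chain DOCKER-ISOLATION-STAGE-1 {
		counter return
	}
	chain DOCKER-ISOLATION-STAGE-2 {
		counter return
	}
	chain DOCKER-USER {
		counter return
	}
}
table ip nat {
	chain PREROUTING {
		type nat hook prerouting priority dstnat; policy accept;
		fib daddr type local counter jump DOCKER
	}
	chain DOCKER {
		iifname "docker0" counter return
	}
}'

# Constructed sample: ruleset after an nftables reload that only carries the
# host's own table; Docker's tables and chains are gone.
SAMPLE_FLUSHED='table inet host {
	chain input {
		type filter hook input priority filter; policy drop;
		ct state established,related accept
	}
}'

# Demonstration on the samples. On a real host use:
#   docker_rules_intact "$(nft list ruleset)" || <alert or restart dockerd>
if docker_rules_intact "$SAMPLE_OK"; then echo "sample 1: Docker chains present"; fi
if ! docker_rules_intact "$SAMPLE_FLUSHED"; then echo "sample 2: Docker chains missing"; fi
```

The check is table-scoped on purpose: the "DOCKER" chain exists in both the filter and nat tables, and a reload can leave one table intact while the other is gone. Run it from a timer or your monitoring agent after any nftables reload; a non-zero exit is the signal that Docker's rules need recreating.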