【CenOS7】firewalld docker

42121

[iyunv@wode004 sysconfig]# systemctl status firewalld.service -l

firewalld.service - firewalld - dynamic firewall daemon

   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)

   Active: active (running) since 六 2015-10-31 02:25:11 CST; 28min ago

Main PID: 909 (firewalld)

   CGroup: /system.slice/firewalld.service

           └─909 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

10月 31 02:25:15 wode004 firewalld[909]: 2015-10-31 02:25:15 ERROR: COMMAND_FAILED: '/sbin/iptables -t nat -C POSTROUTING -s 172.17.42.1/16 ! -o docker0 -j MASQUERADE' failed: iptables: No chain/target/match by that name.

10月 31 02:25:15 wode004 firewalld[909]: 2015-10-31 02:25:15 ERROR: COMMAND_FAILED: '/sbin/iptables -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching rule exist in that chain?).

10月 31 02:25:15 wode004 firewalld[909]: 2015-10-31 02:25:15 ERROR: COMMAND_FAILED: '/sbin/iptables -t filter -C FORWARD -i docker0 -o docker0 -j ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).

10月 31 02:25:15 wode004 firewalld[909]: 2015-10-31 02:25:15 ERROR: COMMAND_FAILED: '/sbin/iptables -t filter -C FORWARD -i docker0 ! -o docker0 -j ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).

10月 31 02:25:15 wode004 firewalld[909]: 2015-10-31 02:25:15 ERROR: COMMAND_FAILED: '/sbin/iptables -t filter -C FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).

10月 31 02:25:15 wode004 firewalld[909]: 2015-10-31 02:25:15 ERROR: COMMAND_FAILED: '/sbin/iptables -t nat -n -L DOCKER' failed: iptables: No chain/target/match by that name.

10月 31 02:25:15 wode004 firewalld[909]: 2015-10-31 02:25:15 ERROR: COMMAND_FAILED: '/sbin/iptables -t nat -C PREROUTING -m addrtype --dst-type LOCAL -j DOCKER' failed: iptables: No chain/target/match by that name.

10月 31 02:25:15 wode004 firewalld[909]: 2015-10-31 02:25:15 ERROR: COMMAND_FAILED: '/sbin/iptables -t nat -C OUTPUT -m addrtype --dst-type LOCAL -j DOCKER ! --dst 127.0.0.0/8' failed: iptables: No chain/target/match by that name.

10月 31 02:25:15 wode004 firewalld[909]: 2015-10-31 02:25:15 ERROR: COMMAND_FAILED: '/sbin/iptables -t filter -n -L DOCKER' failed: iptables: No chain/target/match by that name.

10月 31 02:25:15 wode004 firewalld[909]: 2015-10-31 02:25:15 ERROR: COMMAND_FAILED: '/sbin/iptables -t filter -C FORWARD -o docker0 -j DOCKER' failed: iptables: No chain/target/match by that name.

[iyunv@wode004 sysconfig]#

[iyunv@wode004 sysconfig]# ps -ef | grep dock

root      1622     1  0 02:25 ?        00:00:00 /usr/bin/docker -d --selinux-enabled

root      6088  3191  0 02:55 pts/0    00:00:00 grep --color=auto dock

[iyunv@wode004 sysconfig]#

[iyunv@wode004 sysconfig]# ifconfig

docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500

        inet 172.17.42.1  netmask 255.255.0.0  broadcast 0.0.0.0

        ether 56:84:7a:fe:97:99  txqueuelen 0  (Ethernet)

        RX packets 0  bytes 0 (0.0 B)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 0  bytes 0 (0.0 B)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0