Merge pull request #46245 from thaJeztah/firewalld_dont_fail_on_removal

libnetwork/iptables: ProgramChain: don't fail if interface not found

libnetwork/iptables/firewalld.go

@@ -273,7 +273,7 @@ func DelInterfaceFirewalld(intf string) error {
 	}
 	// Remove interface if it exists
 	if !contains(intfs, intf) {
-		return fmt.Errorf("Firewalld: unable to find interface %s in %s zone", intf, dockerZone)
+		return &interfaceNotFound{fmt.Errorf("firewalld: interface %q not found in %s zone", intf, dockerZone)}
 	}
 
 	log.G(context.TODO()).Debugf("Firewalld: removing %s interface from %s zone", intf, dockerZone)
@@ -284,6 +284,10 @@ func DelInterfaceFirewalld(intf string) error {
 	return nil
 }
 
+type interfaceNotFound struct{ error }
+
+func (interfaceNotFound) NotFound() {}
+
 func contains(list []string, val string) bool {
 	for _, v := range list {
 		if v == val {

libnetwork/iptables/iptables.go

@@ -15,6 +15,7 @@ import (
 	"time"
 
 	"github.com/containerd/containerd/log"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/rootless"
 )
 
@@ -209,7 +210,7 @@ func (iptable IPTable) ProgramChain(c *ChainInfo, bridgeName string, hairpinMode
 				return err
 			}
 		} else {
-			if err := DelInterfaceFirewalld(bridgeName); err != nil {
+			if err := DelInterfaceFirewalld(bridgeName); err != nil && !errdefs.IsNotFound(err) {
 				return err
 			}
 		}