0ct0pu5/moby

check-config.sh: add NETFILTER_XT_MARK

Points out another symbol that Docker might need. in this case Docker's
mesh network in swarm mode does not route Virtual IPs if it's unset.

From /var/logs/docker.log:
time="2021-02-19T18:15:39+01:00" level=error msg="set up rule failed, [-t mangle -A INPUT -d 10.0.1.2/32 -j MARK --set-mark 257]:  (iptables failed: iptables --wait -t mang
le -A INPUT
-d 10.0.1.2/32 -j MARK --set-mark 257: iptables v1.8.7 (legacy): unknown option \"--set-mark\"\nTry `iptables -h' or 'iptables --help' for more information.\n (exit status 2))"

Bug: https://github.com/moby/libnetwork/issues/2227
Bug: https://github.com/docker/for-linux/issues/644
Bug: https://github.com/docker/for-linux/issues/525
Signed-off-by: Piotr Karbowski <piotr.karbowski@protonmail.ch>
(cherry picked from commit e8ceb976469e15547ed368ba5c110102ccc5fbfa)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Piotr Karbowski 4 years ago

parent

dc1606ad79

commit

a24d92f95b

1 changed files with 1 additions and 0 deletions

Split View Show Diff Stats

						
							+ 1
							
							- 0
						
contrib/check-config.sh
							 
								View File
							
				@@ -198,6 +198,7 @@ flags=(
			
				 	VETH BRIDGE BRIDGE_NETFILTER
			
				 	IP_NF_FILTER IP_NF_TARGET_MASQUERADE
			
				 	NETFILTER_XT_MATCH_{ADDRTYPE,CONNTRACK,IPVS}
			
				+	NETFILTER_XT_MARK
			
				 	IP_NF_NAT NF_NAT
			
				 	# required for bind-mounting /dev/mqueue into containers

check-config.sh: add NETFILTER_XT_MARK

+ 1 - 0 contrib/check-config.sh View File

+ 1 - 0
contrib/check-config.sh
View File