Fedora – Docker Firewalld/iptables WARNING: COMMAND_FAILED

Tags: docker, fedora, firewall, iptables

Problem

I have a freshly installed Fedora 27 system.
I installed docker-ce-17.12.0 on it.

Now when I try to start a container like the following:

docker run -d -p 10.1.1.56:80:8080 --restart always --volume /docker/magic_mirror/config:/opt/magic_mirror/config --volume /docker/magic_mirror/modules:/opt/magic_mirror/modules --name magic_mirror bastilimbach/docker-magicmirror

If I look at the firewalld status I see the following errors:

● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2018-01-09 19:51:07 CET; 1min 41s ago
     Docs: man:firewalld(1)
 Main PID: 1227 (firewalld)
    Tasks: 2 (limit: 4915)
   Memory: 40.2M
      CPU: 952ms
   CGroup: /system.slice/firewalld.service
           └─1227 /usr/bin/python3 -Es /usr/sbin/firewalld --nofork --nopid

Jan 09 19:51:19 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT' failed:
Jan 09 19:51:19 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -n -L DOCKER-USER' failed:
Jan 09 19:51:19 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C DOCKER-USER -j RETURN' failed:
Jan 09 19:51:19 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -j DOCKER-USER' failed:
Jan 09 19:51:19 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C DOCKER -p tcp -d 10.1.1.56 --dport 80 -j DNAT --to-destination 172.17.0.2:8080 ! -i docker0' failed:
Jan 09 19:51:19 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C DOCKER ! -i docker0 -o docker0 -p tcp -d 172.17.0.2 --dport 8080 -j ACCEPT' failed:
Jan 09 19:51:19 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C POSTROUTING -p tcp -s 172.17.0.2 -d 172.17.0.2 --dport 8080 -j MASQUERADE' failed:
Jan 09 19:52:39 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C DOCKER -p tcp -d 10.1.1.56 --dport 80 -j DNAT --to-destination 172.17.0.2:8080 ! -i docker0' failed:
Jan 09 19:52:39 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C DOCKER ! -i docker0 -o docker0 -p tcp -d 172.17.0.2 --dport 8080 -j ACCEPT' failed:
Jan 09 19:52:39 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C POSTROUTING -p tcp -s 172.17.0.2 -d 172.17.0.2 --dport 8080 -j MASQUERADE' failed:

General Info

docker info

Docker Info:
Containers: 1
 Running: 1
 Paused: 0
 Stopped: 0
Images: 1
Server Version: 17.12.0-ce
Storage Driver: devicemapper
 Pool Name: docker-thinpool
 Pool Blocksize: 524.3kB
 Base Device Size: 10.74GB
 Backing Filesystem: xfs
 Udev Sync Supported: true
 Data Space Used: 1.561GB
 Data Space Total: 102GB
 Data Space Available: 100.4GB
 Metadata Space Used: 700.4kB
 Metadata Space Total: 1.07GB
 Metadata Space Available: 1.069GB
 Thin Pool Minimum Free Space: 10.2GB
 Deferred Removal Enabled: true
 Deferred Deletion Enabled: true
 Deferred Deleted Device Count: 0
 Library Version: 1.02.144 (2017-10-06)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 89623f28b87a6004d4b785663257362d1658a729
runc version: b2567b37d7b75eb4cf325b77297b140ea686ce8f
init version: 949e6fa
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.14.11-300.fc27.x86_64
Operating System: Fedora 27 (Workstation Edition)
OSType: linux
Architecture: x86_64
CPUs: 16
Total Memory: 31.41GiB
Name: fedora.naef.home
ID: R5N6:WND3:PZI5:HJNF:BCUY:IX7A:VTF3:AQGU:EJ3R:E6JP:WYQ3:Y4UU
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

Docker version

Client:
 Version:   17.12.0-ce
 API version:   1.35
 Go version:    go1.9.2
 Git commit:    c97c6d6
 Built: Wed Dec 27 20:12:17 2017
 OS/Arch:   linux/amd64

Server:
 Engine:
  Version:  17.12.0-ce
  API version:  1.35 (minimum version 1.12)
  Go version:   go1.9.2
  Git commit:   c97c6d6
  Built:    Wed Dec 27 20:14:50 2017
  OS/Arch:  linux/amd64
  Experimental: false

cat /etc/sysconfig/network-scripts/ifcfg-docker0

DEVICE=docker0
STP=no
TYPE=Bridge
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=172.17.0.1
PREFIX=16
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV4_DNS_PRIORITY=100
IPV6INIT=yes
IPV6_AUTOCONF=no
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
IPV6_DNS_PRIORITY=100
NAME=docker0
UUID=0957d0b2-3ed7-418f-9399-e7b335bd2c3e
ONBOOT=no
ZONE=trusted

cat /etc/firewalld/zones/trusted.xml

<?xml version="1.0" encoding="utf-8"?>
<zone target="ACCEPT">
  <short>Trusted</short>
  <description>All network connections are accepted.</description>
  <interface name="docker0"/>
</zone>

journalctl -f

Jan 09 20:25:06 fedora.naef.home dockerd[1952]: time="2018-01-09T20:25:06.179211912+01:00" level=info msg="Container 94c6657d6c7f47f20a29ab7f82e5ebad929144de319db79317872bcc00960928 failed to exit within 10 seconds of signal 15 - using the force"
Jan 09 20:25:06 fedora.naef.home dockerd[1952]: time="2018-01-09T20:25:06.220316777+01:00" level=warning msg="unknown container" container=94c6657d6c7f47f20a29ab7f82e5ebad929144de319db79317872bcc00960928 module=libcontainerd namespace=plugins.moby
Jan 09 20:25:06 fedora.naef.home dockerd[1952]: time="2018-01-09T20:25:06+01:00" level=info msg="shim reaped" id=94c6657d6c7f47f20a29ab7f82e5ebad929144de319db79317872bcc00960928 module="containerd/tasks"
Jan 09 20:25:06 fedora.naef.home dockerd[1952]: time="2018-01-09T20:25:06.257560260+01:00" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"
Jan 09 20:25:06 fedora.naef.home dockerd[1952]: time="2018-01-09T20:25:06.257571381+01:00" level=info msg="ignoring event" module=libcontainerd namespace=plugins.moby topic=/tasks/delete type="*events.TaskDelete"
Jan 09 20:25:06 fedora.naef.home audit: NETFILTER_CFG table=nat family=2 entries=84
Jan 09 20:25:06 fedora.naef.home audit: NETFILTER_CFG table=nat family=2 entries=84
Jan 09 20:25:06 fedora.naef.home audit: NETFILTER_CFG table=filter family=2 entries=140
Jan 09 20:25:06 fedora.naef.home audit: NETFILTER_CFG table=nat family=2 entries=83
Jan 09 20:25:06 fedora.naef.home audit: NETFILTER_CFG table=nat family=2 entries=83
Jan 09 20:25:06 fedora.naef.home kernel: docker0: port 1(veth1efe87b) entered disabled state
Jan 09 20:25:06 fedora.naef.home kernel: vethc9528bb: renamed from eth0
Jan 09 20:25:06 fedora.naef.home NetworkManager[1638]: <info>  [1515525906.3229] manager: (vethc9528bb): new Veth device (/org/freedesktop/NetworkManager/Devices/12)
Jan 09 20:25:06 fedora.naef.home systemd-udevd[6272]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Jan 09 20:25:06 fedora.naef.home avahi-daemon[1249]: Interface veth1efe87b.IPv6 no longer relevant for mDNS.
Jan 09 20:25:06 fedora.naef.home kernel: docker0: port 1(veth1efe87b) entered disabled state
Jan 09 20:25:06 fedora.naef.home avahi-daemon[1249]: Leaving mDNS multicast group on interface veth1efe87b.IPv6 with address fe80::c830:5dff:fe33:cd5a.
Jan 09 20:25:06 fedora.naef.home audit: ANOM_PROMISCUOUS dev=veth1efe87b prom=0 old_prom=256 auid=4294967295 uid=0 gid=0 ses=4294967295
Jan 09 20:25:06 fedora.naef.home kernel: device veth1efe87b left promiscuous mode
Jan 09 20:25:06 fedora.naef.home kernel: docker0: port 1(veth1efe87b) entered disabled state
Jan 09 20:25:06 fedora.naef.home libvirtd[1951]: 2018-01-09 19:25:06.328+0000: 1951: error : virFileReadAll:1390 : Failed to open file '/sys/class/net/vethc9528bb/operstate': No such file or directory
Jan 09 20:25:06 fedora.naef.home libvirtd[1951]: 2018-01-09 19:25:06.329+0000: 1951: error : virNetDevGetLinkInfo:2504 : unable to read: /sys/class/net/vethc9528bb/operstate: No such file or directory
Jan 09 20:25:06 fedora.naef.home avahi-daemon[1249]: Withdrawing address record for fe80::c830:5dff:fe33:cd5a on veth1efe87b.
Jan 09 20:25:06 fedora.naef.home NetworkManager[1638]: <info>  [1515525906.3395] device (veth1efe87b): released from master device docker0
Jan 09 20:25:06 fedora.naef.home gnome-shell[2756]: async_got_type: could not read properties for /org/freedesktop/NetworkManager/Devices/12: No such interface 'org.freedesktop.DBus.Properties' on object at path /org/freedesktop/NetworkManager/Devices/12
Jan 09 20:25:06 fedora.naef.home gnome-shell[2756]: async_got_type: could not read properties for /org/freedesktop/NetworkManager/Devices/12: No such interface 'org.freedesktop.DBus.Properties' on object at path /org/freedesktop/NetworkManager/Devices/12
Jan 09 20:25:06 fedora.naef.home kernel: XFS (dm-10): Unmounting Filesystem
Jan 09 20:25:06 fedora.naef.home dockerd[1952]: time="2018-01-09T20:25:06.638002427+01:00" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/containers/delete type="*events.ContainerDelete"
Jan 09 20:25:06 fedora.naef.home kernel: XFS (dm-10): Mounting V5 Filesystem
Jan 09 20:25:06 fedora.naef.home kernel: XFS (dm-10): Ending clean mount
Jan 09 20:25:06 fedora.naef.home kernel: XFS (dm-10): Unmounting Filesystem
Jan 09 20:25:06 fedora.naef.home kernel: XFS (dm-10): Mounting V5 Filesystem
Jan 09 20:25:06 fedora.naef.home kernel: XFS (dm-10): Ending clean mount
Jan 09 20:25:07 fedora.naef.home kernel: XFS (dm-10): Unmounting Filesystem
Jan 09 20:25:07 fedora.naef.home kernel: XFS (dm-10): Mounting V5 Filesystem
Jan 09 20:25:07 fedora.naef.home kernel: XFS (dm-10): Ending clean mount
Jan 09 20:25:07 fedora.naef.home audit: ANOM_PROMISCUOUS dev=veth48f92ff prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295
Jan 09 20:25:07 fedora.naef.home kernel: docker0: port 1(veth48f92ff) entered blocking state
Jan 09 20:25:07 fedora.naef.home kernel: docker0: port 1(veth48f92ff) entered disabled state
Jan 09 20:25:07 fedora.naef.home kernel: device veth48f92ff entered promiscuous mode
Jan 09 20:25:07 fedora.naef.home kernel: IPv6: ADDRCONF(NETDEV_UP): veth48f92ff: link is not ready
Jan 09 20:25:07 fedora.naef.home kernel: docker0: port 1(veth48f92ff) entered blocking state
Jan 09 20:25:07 fedora.naef.home kernel: docker0: port 1(veth48f92ff) entered forwarding state
Jan 09 20:25:07 fedora.naef.home systemd-udevd[6354]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Jan 09 20:25:07 fedora.naef.home systemd-udevd[6355]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Jan 09 20:25:07 fedora.naef.home NetworkManager[1638]: <info>  [1515525907.1143] manager: (vethb62fe93): new Veth device (/org/freedesktop/NetworkManager/Devices/13)
Jan 09 20:25:07 fedora.naef.home systemd-udevd[6355]: Could not generate persistent MAC address for veth48f92ff: No such file or directory
Jan 09 20:25:07 fedora.naef.home systemd-udevd[6354]: Could not generate persistent MAC address for vethb62fe93: No such file or directory
Jan 09 20:25:07 fedora.naef.home NetworkManager[1638]: <info>  [1515525907.1168] manager: (veth48f92ff): new Veth device (/org/freedesktop/NetworkManager/Devices/14)
Jan 09 20:25:07 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C DOCKER -p tcp -d 10.1.1.56 --dport 80 -j DNAT --to-destination 172.17.0.2:8080 ! -i docker0' failed:
Jan 09 20:25:07 fedora.naef.home audit: NETFILTER_CFG table=nat family=2 entries=82
Jan 09 20:25:07 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C DOCKER ! -i docker0 -o docker0 -p tcp -d 172.17.0.2 --dport 8080 -j ACCEPT' failed:
Jan 09 20:25:07 fedora.naef.home audit: NETFILTER_CFG table=filter family=2 entries=139
Jan 09 20:25:07 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C POSTROUTING -p tcp -s 172.17.0.2 -d 172.17.0.2 --dport 8080 -j MASQUERADE' failed:
Jan 09 20:25:07 fedora.naef.home audit: NETFILTER_CFG table=nat family=2 entries=83
Jan 09 20:25:07 fedora.naef.home dockerd[1952]: time="2018-01-09T20:25:07.177440952+01:00" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/containers/create type="*events.ContainerCreate"
Jan 09 20:25:07 fedora.naef.home dockerd[1952]: time="2018-01-09T20:25:07+01:00" level=info msg="shim docker-containerd-shim started" address="/containerd-shim/moby/f41833e372d588f38d6889be51fb1fd45d82eda1465a6f24b840e7f26948cbdd/shim.sock" debug=false module="containerd/tasks" pid=6371
Jan 09 20:25:07 fedora.naef.home kernel: docker0: port 1(veth48f92ff) entered disabled state
Jan 09 20:25:07 fedora.naef.home kernel: eth0: renamed from vethb62fe93
Jan 09 20:25:07 fedora.naef.home kernel: IPv6: ADDRCONF(NETDEV_CHANGE): veth48f92ff: link becomes ready
Jan 09 20:25:07 fedora.naef.home kernel: docker0: port 1(veth48f92ff) entered blocking state
Jan 09 20:25:07 fedora.naef.home kernel: docker0: port 1(veth48f92ff) entered forwarding state
Jan 09 20:25:07 fedora.naef.home NetworkManager[1638]: <info>  [1515525907.3819] device (veth48f92ff): link connected
Jan 09 20:25:07 fedora.naef.home NetworkManager[1638]: <info>  [1515525907.3821] device (docker0): link connected
Jan 09 20:25:07 fedora.naef.home dockerd[1952]: time="2018-01-09T20:25:07.440555022+01:00" level=warning msg="unknown container" container=f41833e372d588f38d6889be51fb1fd45d82eda1465a6f24b840e7f26948cbdd module=libcontainerd namespace=plugins.moby
Jan 09 20:25:07 fedora.naef.home dockerd[1952]: time="2018-01-09T20:25:07.458195638+01:00" level=warning msg="unknown container" container=f41833e372d588f38d6889be51fb1fd45d82eda1465a6f24b840e7f26948cbdd module=libcontainerd namespace=plugins.moby
Jan 09 20:25:09 fedora.naef.home avahi-daemon[1249]: Joining mDNS multicast group on interface veth48f92ff.IPv6 with address fe80::1867:1eff:fea3:4277.
Jan 09 20:25:09 fedora.naef.home avahi-daemon[1249]: New relevant interface veth48f92ff.IPv6 for mDNS.
Jan 09 20:25:09 fedora.naef.home avahi-daemon[1249]: Registering new address record for fe80::1867:1eff:fea3:4277 on veth48f92ff.*.

Updated

iptables -S

-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION
-N DOCKER-USER
-N FORWARD_IN_ZONES
-N FORWARD_IN_ZONES_SOURCE
-N FORWARD_OUT_ZONES
-N FORWARD_OUT_ZONES_SOURCE
-N FORWARD_direct
-N FWDI_FedoraWorkstation
-N FWDI_FedoraWorkstation_allow
-N FWDI_FedoraWorkstation_deny
-N FWDI_FedoraWorkstation_log
-N FWDI_trusted
-N FWDI_trusted_allow
-N FWDI_trusted_deny
-N FWDI_trusted_log
-N FWDO_FedoraWorkstation
-N FWDO_FedoraWorkstation_allow
-N FWDO_FedoraWorkstation_deny
-N FWDO_FedoraWorkstation_log
-N FWDO_trusted
-N FWDO_trusted_allow
-N FWDO_trusted_deny
-N FWDO_trusted_log
-N INPUT_ZONES
-N INPUT_ZONES_SOURCE
-N INPUT_direct
-N IN_FedoraWorkstation
-N IN_FedoraWorkstation_allow
-N IN_FedoraWorkstation_deny
-N IN_FedoraWorkstation_log
-N IN_trusted
-N IN_trusted_allow
-N IN_trusted_deny
-N IN_trusted_log
-N OUTPUT_direct
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -j FORWARD_IN_ZONES_SOURCE
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES_SOURCE
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j OUTPUT_direct
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A DOCKER-ISOLATION -j RETURN
-A DOCKER-USER -j RETURN
-A FORWARD_IN_ZONES -i enp5s0 -g FWDI_FedoraWorkstation
-A FORWARD_IN_ZONES -i docker0 -j FWDI_trusted
-A FORWARD_IN_ZONES -g FWDI_FedoraWorkstation
-A FORWARD_OUT_ZONES -o enp5s0 -g FWDO_FedoraWorkstation
-A FORWARD_OUT_ZONES -o docker0 -j FWDO_trusted
-A FORWARD_OUT_ZONES -g FWDO_FedoraWorkstation
-A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_log
-A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_deny
-A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_allow
-A FWDI_FedoraWorkstation -p icmp -j ACCEPT
-A FWDI_trusted -j FWDI_trusted_log
-A FWDI_trusted -j FWDI_trusted_deny
-A FWDI_trusted -j FWDI_trusted_allow
-A FWDI_trusted -j ACCEPT
-A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_log
-A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_deny
-A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_allow
-A FWDO_trusted -j FWDO_trusted_log
-A FWDO_trusted -j FWDO_trusted_deny
-A FWDO_trusted -j FWDO_trusted_allow
-A FWDO_trusted -j ACCEPT
-A INPUT_ZONES -i enp5s0 -g IN_FedoraWorkstation
-A INPUT_ZONES -i docker0 -j IN_trusted
-A INPUT_ZONES -g IN_FedoraWorkstation
-A IN_FedoraWorkstation -j IN_FedoraWorkstation_log
-A IN_FedoraWorkstation -j IN_FedoraWorkstation_deny
-A IN_FedoraWorkstation -j IN_FedoraWorkstation_allow
-A IN_FedoraWorkstation -p icmp -j ACCEPT
-A IN_FedoraWorkstation_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A IN_FedoraWorkstation_allow -p udp -m udp --dport 137 -m conntrack --ctstate NEW -j ACCEPT
-A IN_FedoraWorkstation_allow -p udp -m udp --dport 138 -m conntrack --ctstate NEW -j ACCEPT
-A IN_FedoraWorkstation_allow -d 224.0.0.251/32 -p udp -m udp --dport 5353 -m conntrack --ctstate NEW -j ACCEPT
-A IN_FedoraWorkstation_allow -p udp -m udp --dport 1025:65535 -m conntrack --ctstate NEW -j ACCEPT
-A IN_FedoraWorkstation_allow -p tcp -m tcp --dport 1025:65535 -m conntrack --ctstate NEW -j ACCEPT
-A IN_trusted -j IN_trusted_log
-A IN_trusted -j IN_trusted_deny
-A IN_trusted -j IN_trusted_allow
-A IN_trusted -j ACCEPT

Best Answer

This is more like a warning that these rules already exist. Because the error message is missing, it is not a real error.

See https://github.com/moby/moby/issues/16137
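A small triage helper, added here and not part of the question or the answer above, that parses firewalld COMMAND_FAILED journal lines of the shape shown in the question and separates read-only probes (iptables -C / -L that exit non-zero with no error text, which is how Docker tests whether a rule is already present before adding it) from failed rule changes (-A, -I, -D and similar with an error message) that actually need attention. The sample log is constructed from the question's own lines plus one hypothetical failing -A line to show the other branch; field names and verdict labels are my own.

```python
import re
import shlex

# Constructed sample: the first three lines mirror the question's firewalld
# output, the fourth is a hypothetical genuine failure, the fifth is noise.
SAMPLE_LOG = """\
Jan 09 19:51:19 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT' failed:
Jan 09 19:51:19 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -n -L DOCKER-USER' failed:
Jan 09 19:51:19 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C DOCKER -p tcp -d 10.1.1.56 --dport 80 -j DNAT --to-destination 172.17.0.2:8080 ! -i docker0' failed:
Jan 09 19:51:20 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -A FORWARD -j DOCKER-USER' failed: iptables: No chain/target/match by that name.
Jan 09 19:51:21 fedora.naef.home dockerd[1952]: time="2018-01-09T19:51:21+01:00" level=info msg="shim reaped"
"""

# firewalld quotes the whole iptables command and appends stderr after "failed:"
LINE_RE = re.compile(
    r"firewalld\[\d+\]: WARNING: COMMAND_FAILED: '(?P<cmd>[^']*)' failed:\s*(?P<err>.*)$"
)

# Options that only inspect the ruleset versus options that change it.
READ_ONLY_OPS = {"-C", "--check", "-L", "--list", "-S", "--list-rules"}
MUTATING_OPS = {"-A", "--append", "-I", "--insert", "-D", "--delete",
                "-N", "--new-chain", "-X", "-F", "-P"}


def parse_line(line):
    """Return a dict describing one COMMAND_FAILED line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    argv = shlex.split(m.group("cmd"))
    table, op, chain = "filter", None, None  # iptables defaults to the filter table
    for i, tok in enumerate(argv):
        nxt = argv[i + 1] if i + 1 < len(argv) else None
        if tok == "-t" and nxt:
            table = nxt
        elif tok in READ_ONLY_OPS or tok in MUTATING_OPS:
            op = tok
            chain = nxt if nxt and not nxt.startswith("-") else None
    err = m.group("err").strip()
    if op in READ_ONLY_OPS and not err:
        verdict = "benign"        # a probe that found no matching rule, nothing broke
    elif op in MUTATING_OPS or err:
        verdict = "investigate"   # a rule change failed, or iptables reported an error
    else:
        verdict = "unknown"
    return {"table": table, "op": op, "chain": chain, "error": err, "verdict": verdict}


def triage(log_text):
    """Parse every firewalld COMMAND_FAILED line in a journal excerpt."""
    return [r for r in (parse_line(ln) for ln in log_text.splitlines()) if r]


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(f"{row['verdict']:12} {row['table']:6} {row['op']} {row['chain']}  {row['error']}")
```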
