Description
Hi, I have a similar problem to #48375. After upgrading to 27.2.0, my containers cannot reach each other. Before the update, everything worked. Oddly, only ping now works; everything else is filtered.
networks:
  lan:
    name: hass
    driver: bridge
    ipam:
      config:
        - subnet: "10.1.5.0/24"
          gateway: "10.1.5.1"
    driver_opts:
      com.docker.network.bridge.name: hass
      com.docker.network.bridge.enable_icc: "true"

Server container:

    networks:
      lan:
        ipv4_address: 10.1.5.2

Client container:

    networks:
      lan:
        ipv4_address: 10.1.5.3

With nc running on the Server container, sending packets from the host works, but sending them from the Client container does not:

Reproduce
Start two containers with the same bridged network.
Try to open a port on one of them (nc -l ....)
Try to send packets from the host (works)
Try to send packets from the second container (doesn't work)
Expected behavior
As both containers are in the same bridged network (same subnet - L2) with enabled_icc: "true", they should be able to communicate with each other without any changes to the host's firewall rules (communication goes directly between them).
docker version
Client: Docker Engine - Community
 Version: 27.2.0
 API version: 1.47
 Go version: go1.21.13
 Git commit: 3ab4256
 Built: Tue Aug 27 14:15:15 2024
 OS/Arch: linux/amd64
 Context: default

Server: Docker Engine - Community
 Engine:
  Version: 27.2.0
  API version: 1.47 (minimum version 1.24)
  Go version: go1.21.13
  Git commit: 3ab5c7d
  Built: Tue Aug 27 14:15:15 2024
  OS/Arch: linux/amd64
  Experimental: false
 containerd:
  Version: 1.7.21
  GitCommit: 472731909fa34bd7bc9c087e4c27943f9835f111
 runc:
  Version: 1.1.13
  GitCommit: v1.1.13-0-g58aa920
 docker-init:
  Version: 0.19.0
  GitCommit: de40ad0

docker info
Client: Docker Engine - Community
 Version: 27.2.0
 Context: default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version: v0.16.2
    Path: /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version: v2.29.2
    Path: /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 19
  Running: 19
  Paused: 0
  Stopped: 0
 Images: 23
 Server Version: 27.2.0
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: syslog
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 472731909fa34bd7bc9c087e4c27943f9835f111
 runc version: v1.1.13-0-g58aa920
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.9.8-x64v3-xanmod1
 Operating System: Ubuntu 24.04.1 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 6
 Total Memory: 15.46GiB
 Name: ares
 ID: 2d1963cd-6189-4bc3-9702-197687bec6fa
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Additional Info
Ubuntu server 24.04
nftables v1.0.9