Description
For security reasons, I disable ipv6 in the Linux kernel with the grub command "ipv6.disable=1". In the past I have set "ipv6": false in /etc/docker/daemon.json and have no problems running the docker daemon.
Today when upgrading to 28.0.0 (on debian 12) the daemon refuses to start with the following error
dockerd[2681]: time="2025-02-20T11:35:27.306094149Z" level=warning msg="Failed to add inter-network communication rule" error=" (iptables failed: ip6tables --wait -t filter -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2: ip6tables v1.8.9 (legacy): can't initialize ip6tables table `filter': Address family not supported by protocol\nPerhaps ip6tables or your kernel needs to be upgraded.\n (exit status 3))"
dockerd[2681]: time="2025-02-20T11:35:27.345646032Z" level=info msg="stopping event stream following graceful shutdown" error="<nil>" module=libcontainerd namespace=moby
dockerd[2681]: failed to start daemon: Error initializing network controller: error creating default "bridge" network: add inter-network communication rule: (iptables failed: ip6tables --wait -t filter -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2: ip6tables v1.8.9 (legacy): can't initialize ip6tables table `filter': Address family not supported by protocol
systemd[1]: docker.service: Main process exited, code=exited, status=1/FAILURE
Reproduce
- disable ipv6 in kernel
- use iptables as firewall
- docker service crash even if ipv6 is disable in daemon option.
Expected behavior
If "ipv6": false is set in daemon.json, it should never try to load the ipv6 rule, like before.
docker version
Client: Docker Engine - Community
Version: 28.0.0
API version: 1.48
Go version: go1.23.6
Git commit: f9ced58
Built: Wed Feb 19 22:10:43 2025
OS/Arch: linux/amd64
Context: default
docker info
Client: Docker Engine - Community
Version: 28.0.0
Context: default
Debug Mode: false
Server:
errors pretty printing info
Additional Info
No response
Description
For security reasons, I disable ipv6 in the Linux kernel with the grub command "ipv6.disable=1". In the past I have set
"ipv6": falsein /etc/docker/daemon.json and have no problems running the docker daemon.Today when upgrading to 28.0.0 (on debian 12) the daemon refuses to start with the following error
Reproduce
Expected behavior
If "ipv6": false is set in daemon.json, it should never try to load the ipv6 rule, like before.
docker version
docker info
Client: Docker Engine - Community Version: 28.0.0 Context: default Debug Mode: false Server: errors pretty printing infoAdditional Info
No response