Description of problem:

Version-Release number of selected component (if applicable):
iptables-1.8.0-3.fc29.x86_64
moby-engine-18.06.0-2.ce.git0ffa825.fc29.x86_64

How reproducible:

Steps to Reproduce:
1. update-alternatives --config iptables -> select iptables-nft
2. systemctl restart docker (or maybe the whole system)

Actual results:
docker fails to start:
Error starting daemon: Error initializing network controller: error obtaining controller instance: unable to add return rule in DOCKER-ISOLATION-STAGE-1 chain: (COMMAND_FAILED: '/usr/sbin/iptables -w10 -A DOCKER-ISOLATION-STAGE-1 -j RETURN' failed: iptables v1.8.0 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain DOCKER-ISOLATION-STAGE-1

Expected results:
docker starts

Additional info:
The problem is caused by a bug in iptables 1.8.0, which is fixed in iptables 1.8.1 (and thus also in 1.8.2):
https://git.netfilter.org/iptables/commit/?id=03572549df349455fcade80dfab0b28904975330

The problem with iptables-1.8.0 is the following behavior glitch:

    $ iptables-legacy -t filter -n -L FOO-BAR-TEST
    iptables: No chain/target/match by that name.
    $ echo $?
    1
    $ iptables-nft -t filter -n -L FOO-BAR-TEST
    # Warning: iptables-legacy tables present, use iptables-legacy to see them
    $ echo $?
    0

docker relies on iptables -L throwing an error if a table does not exist.
F30 contains the requested update.
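
The exit-status glitch from the report can be checked for mechanically. The script below is an added example, not code from the report, docker or iptables: it classifies how a given iptables command reports a missing chain, using the same `-t filter -n -L` invocation. The control check against the built-in INPUT chain, the probe chain name and the two stub functions are assumptions constructed here so the check runs offline.

```shell
#!/usr/bin/env bash
# Added example: classify how an iptables command reports a missing chain.
# Verdicts: "ok"           non-zero exit, which is what docker relies on
#           "glitch"       exit 0, the 1.8.0 nf_tables behaviour reported above
#           "inconclusive" the command could not list even a built-in chain

# Constructed chain name, assumed not to exist on the host.
PROBE_CHAIN="FOO-BAR-TEST-$$"

classify_missing_chain_exit() {
    local bin=$1
    # Control: the built-in INPUT chain must list cleanly. Otherwise a failure
    # on the probe chain could just mean "not root" or "command not found".
    if ! "$bin" -t filter -n -L INPUT >/dev/null 2>&1; then
        echo inconclusive
        return 0
    fi
    if "$bin" -t filter -n -L "$PROBE_CHAIN" >/dev/null 2>&1; then
        echo glitch
    else
        echo ok
    fi
}

# Constructed stand-ins for an iptables binary (not real iptables behaviour
# beyond the exit status): only the INPUT chain "exists".
_stub() {   # $1 = exit status for unknown chains, remaining = iptables args
    local missing_status=$1 chain
    shift
    for chain in "$@"; do :; done   # the last argument is the chain name
    [ "$chain" = INPUT ] && return 0
    return "$missing_status"
}
stub_fixed()   { _stub 1 "$@"; }    # behaves like iptables-legacy above
stub_glitchy() { _stub 0 "$@"; }    # behaves like iptables-nft 1.8.0 above

# Pass a real command name (e.g. iptables-nft) as $1; with no argument the
# stubs are classified instead.
if [ -n "${1:-}" ]; then
    classify_missing_chain_exit "$1"
else
    echo "stub_fixed:   $(classify_missing_chain_exit stub_fixed)"
    echo "stub_glitchy: $(classify_missing_chain_exit stub_glitchy)"
fi
```
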