Getting WARNING: bridge-nf-call-iptables is disabled with overlay storage driver #24809

Closed
alfredcs opened this issue Jul 19, 2016 · 9 comments

@alfredcs

[root@dcosa12 ~]# docker info
Containers: 9
Running: 0
Paused: 0
Stopped: 9
Images: 3
Server Version: 1.12.0-rc4
Storage Driver: overlay
Backing Filesystem: xfs
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: host bridge null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: seccomp
Kernel Version: 3.10.0-327.10.1.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 6
Total Memory: 11.43 GiB
Name: dcosa12
ID: XON7:NI34:SW5V:YACY:S7UI:4RJT:YWAJ:PG7W:XG4N:T7NC:AGLK:UQJR
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Insecure Registries:
127.0.0.0/8

[root@dcosa12 ~]# uname -a
Linux dcosa12 3.10.0-327.10.1.el7.x86_64 #1 SMP Tue Feb 16 17:03:50 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[root@dcosa12 etc]# more centos-release
CentOS Linux release 7.2.1511 (Core)
[root@dcosa12 etc]#

@alfredcs changed the title from "Getting WARNING: bridge-nf-call-iptables is disabled with overlay storage driver with 1.12.0-rc4" to "Getting WARNING: bridge-nf-call-iptables is disabled with overlay storage driver" on Jul 19, 2016
@cpuguy83
Member

This is not related to anything with storage, and is just because either /proc/sys/net/bridge/bridge-nf-call-iptables doesn't exist or is set to 0.

Closing since this is not a real issue.
Thanks!

@JOduMonT

JOduMonT commented Oct 16, 2016

I had this issue.
Obviously, like CPUGuy said, it's not linked to your Device Storage.

I run my Docker on CentOS with SELinux enforcing and FirewallD on.
To resolve this warning I added those two lines into my /etc/sysctl.conf:

net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

ref: http://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf

PS: I also have these lines, which seem to act on this warning too:

net.ipv6.conf.default.router_solicitations = 0
net.ipv6.conf.default.accept_ra_rtr_pref = 0
net.ipv6.conf.default.accept_ra_pinfo = 0
net.ipv6.conf.default.accept_ra_defrtr = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.default.dad_transmits = 0
net.ipv6.conf.default.max_addresses = 1

@frankruizhi

I solved this problem by executing two commands:
sysctl net.bridge.bridge-nf-call-iptables=1
sysctl net.bridge.bridge-nf-call-ip6tables=1

@huiyonghkw

@frankruizhi is right, using the command

$ sudo sysctl net.bridge.bridge-nf-call-iptables=1

$ sudo sysctl net.bridge.bridge-nf-call-ip6tables=1

@QingyaFan

@frankruizhi is right; however, this is not permanent. If you reboot, the change will be lost. When you type docker info, the WARNING will appear again.
So if you want a permanent change, you should edit your /etc/sysctl.conf and add the lines below to the end of the file:

net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

In the end, run sysctl -p.
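
Added example, not part of the original thread: a POSIX shell check that separates the two cases named above (the /proc/sys/net/bridge file missing versus set to 0) and also reports whether /etc/sysctl.conf would restore the value after a reboot. The function names and the PROC_ROOT and SYSCTL_CONF override variables are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: runtime vs. persisted state of the two bridge-nf-call keys.
# PROC_ROOT and SYSCTL_CONF are hypothetical overrides so the logic can be
# pointed at a constructed directory tree instead of the live host.
PROC_ROOT="${PROC_ROOT:-/proc/sys}"
SYSCTL_CONF="${SYSCTL_CONF:-/etc/sysctl.conf}"

# runtime_state KEY -> prints "missing", "disabled" or "enabled".
# "missing" means the kernel exposes no such file; "disabled" means it is 0.
runtime_state() {
    path="$PROC_ROOT/net/bridge/$1"
    if [ ! -e "$path" ]; then
        echo missing
    elif [ "$(cat "$path")" = "1" ]; then
        echo enabled
    else
        echo disabled
    fi
}

# persisted_state KEY -> prints "persisted" if SYSCTL_CONF sets the key to 1,
# otherwise "not-persisted". Only the file edited in this thread is inspected;
# commented-out lines are ignored and the last assignment wins.
persisted_state() {
    [ -r "$SYSCTL_CONF" ] || { echo not-persisted; return 0; }
    val=$(awk -F= -v k="net.bridge.$1" '
        { gsub(/[[:space:]]/, "", $1); gsub(/[[:space:]]/, "", $2) }
        $1 == k { v = $2 }
        END { print v }' "$SYSCTL_CONF")
    if [ "$val" = "1" ]; then echo persisted; else echo not-persisted; fi
}

# One line per key, e.g. "bridge-nf-call-iptables runtime=enabled config=persisted"
report() {
    for k in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        echo "$k runtime=$(runtime_state "$k") config=$(persisted_state "$k")"
    done
}

report
```

A key reported as runtime=enabled config=not-persisted is the situation described above: the warning is gone now and returns after the next reboot.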

@aoberest

aoberest commented Jul 9, 2020

Source: https://docs.oracle.com/en/operating-systems/oracle-linux/docker/issue-iptables-warning.html

This is expected behavior. These settings control whether packets traversing a network bridge are processed by iptables rules on the host system. Typically, enabling these options is not desirable as this can cause guest container traffic to be blocked by iptables rules that are intended for the host. This could cause unpredictable behavior for containers that do not expect traffic to be firewalled at the host level.

If you accept and understand the implications of enabling these options or you have no iptables rules set on the host, you can enable these options to remove the warning messages.

@matbillo

matbillo commented Oct 19, 2020

Hi!
I get the following docker info:

PS C:\Users\user> docker info
Client:
 Debug Mode: false

Server:
 Containers: 2
  Running: 0
  Paused: 0
  Stopped: 2
 Images: 1
 Server Version: 19.03.13
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 8fba4e9a7d01810a393d5d25a3621dc101981175
 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 4.19.128-microsoft-standard
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 6.092GiB
 Name: docker-desktop
 ID: JVKD:HJXP:DYEM:EEHM:4KEV:VVLI:R56P:ABRQ:YMN7:ZHQE:ZMH6:6CG3
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
 Product License: Community Engine

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

Where could I find the /etc/sysctl.conf in Windows so that I can write the two commands?

net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

Thanks!

@konstapascal

@matbillo The docker server and that directory are obviously not on the Windows file system but inside a WSL distribution, as you can see from the command output you posted. The distro is called docker-desktop.

The way I reached that config file was by opening command prompt and using wsl -d docker-desktop to enter the distro, then cd /etc to go to the directory where the file is. From there you can open and edit the file with vi sysctl.conf.

Helpful screenshot if you prefer visuals:

[image: Screenshot_1]

@tobia

tobia commented Apr 21, 2022

> This is expected behavior. [...] Typically, enabling these options is not desirable [...]

Then what is the correct way to suppress the warnings if one does not want to enable those two options?
