#1 2025-06-23 11:52:16

tvidal
Member
Registered: 2020-06-18
Posts: 20

[SOLVED] docker failing - iptables: Index of replacement too big.

Since the last docker update last Monday, 16 June, I am not able to start docker on my home server, with the following issue:

$ journalctl --no-hostname --boot=0 --unit=docker.service
Jun 23 12:25:04 systemd[1]: Starting Docker Application Container Engine...
Jun 23 12:25:04 dockerd[22224]: time="2025-06-23T12:25:04.927209642+01:00" level=info msg="Starting up"
Jun 23 12:25:04 dockerd[22224]: time="2025-06-23T12:25:04.927700698+01:00" level=info msg="OTEL tracing is not configured, using no-op tracer provider"
Jun 23 12:25:04 dockerd[22224]: time="2025-06-23T12:25:04.937180919+01:00" level=info msg="Creating a containerd client" address=/run/containerd/containerd.sock timeout=1m0s
Jun 23 12:25:04 dockerd[22224]: time="2025-06-23T12:25:04.973014729+01:00" level=info msg="[graphdriver] using prior storage driver: overlay2"
Jun 23 12:25:04 dockerd[22224]: time="2025-06-23T12:25:04.975605221+01:00" level=info msg="Loading containers: start."
Jun 23 12:25:05 dockerd[22224]: time="2025-06-23T12:25:05.150755380+01:00" level=warning msg="Error (Unable to complete atomic operation, key modified) deleting object [endpoint_count 60>
Jun 23 12:25:05 dockerd[22224]: time="2025-06-23T12:25:05.309406522+01:00" level=info msg="Loading containers: done."
Jun 23 12:25:05 dockerd[22224]: time="2025-06-23T12:25:05.342461337+01:00" level=warning msg="Not using native diff for overlay2, this may cause degraded performance for building images:>
Jun 23 12:25:05 dockerd[22224]: time="2025-06-23T12:25:05.342555343+01:00" level=info msg="Docker daemon" commit=45873be4ae containerd-snapshotter=false storage-driver=overlay2 version=2>
Jun 23 12:25:05 dockerd[22224]: time="2025-06-23T12:25:05.342622112+01:00" level=info msg="Initializing buildkit"
Jun 23 12:25:05 dockerd[22224]: time="2025-06-23T12:25:05.342989548+01:00" level=warning msg="CDI setup error /etc/cdi: failed to monitor for changes: no such file or directory"
Jun 23 12:25:05 dockerd[22224]: time="2025-06-23T12:25:05.343008755+01:00" level=warning msg="CDI setup error /var/run/cdi: failed to monitor for changes: no such file or directory"
Jun 23 12:25:05 dockerd[22224]: time="2025-06-23T12:25:05.346704210+01:00" level=info msg="Completed buildkit initialization"
Jun 23 12:25:05 dockerd[22224]: time="2025-06-23T12:25:05.351218698+01:00" level=info msg="Daemon has completed initialization"
Jun 23 12:25:05 dockerd[22224]: time="2025-06-23T12:25:05.351279251+01:00" level=info msg="API listen on /run/docker.sock"
Jun 23 12:25:05 iptables[22567]: iptables: Index of replacement too big.
Jun 23 12:25:05 systemd[1]: docker.service: Control process exited, code=exited, status=1/FAILURE
Jun 23 12:25:05 dockerd[22224]: time="2025-06-23T12:25:05.376424720+01:00" level=info msg="Processing signal 'terminated'"
Jun 23 12:25:15 dockerd[22224]: time="2025-06-23T12:25:15.382984705+01:00" level=info msg="Container failed to exit within 10s of signal 28 - using the force" container=f02312463d2bebf07>
Jun 23 12:25:15 dockerd[22224]: time="2025-06-23T12:25:15.410303225+01:00" level=info msg="ignoring event" container=f02312463d2bebf0704f63a3eb6fae4515e7617986941744b9177dc9ac7e637f modu>
Jun 23 12:25:15 dockerd[22224]: time="2025-06-23T12:25:15.419184206+01:00" level=warning msg="ShouldRestart failed, container will not be restarted" container=f02312463d2bebf0704f63a3eb6>
Jun 23 12:25:15 dockerd[22224]: time="2025-06-23T12:25:15.536472115+01:00" level=info msg="stopping event stream following graceful shutdown" error="<nil>" module=libcontainerd namespace>
Jun 23 12:25:15 dockerd[22224]: time="2025-06-23T12:25:15.536810916+01:00" level=info msg="Daemon shutdown complete"
Jun 23 12:25:15 dockerd[22224]: time="2025-06-23T12:25:15.536929298+01:00" level=info msg="stopping event stream following graceful shutdown" error="context canceled" module=libcontainer>
Jun 23 12:25:15 systemd[1]: docker.service: Failed with result 'exit-code'.
Jun 23 12:25:15 systemd[1]: Failed to start Docker Application Container Engine.

$ sudo iptables -S

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-BRIDGE
-N DOCKER-CT
-N DOCKER-FORWARD
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-FORWARD
-A DOCKER ! -i docker0 -o docker0 -j DROP
-A DOCKER-BRIDGE -o docker0 -j DOCKER
-A DOCKER-CT -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-FORWARD -j DOCKER-CT
-A DOCKER-FORWARD -j DOCKER-ISOLATION-STAGE-1
-A DOCKER-FORWARD -j DOCKER-BRIDGE
-A DOCKER-FORWARD -i docker0 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP

What I have tried:

$ sudo su <<EOF
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
iptables -S
EOF

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

$ sudo systemctl restart docker.service
Job for docker.service failed because the control process exited with error code.
See "systemctl status docker.service" and "journalctl -xeu docker.service" for details.

Any suggestions, please?
Thank you.

Last edited by tvidal (2025-06-23 12:25:26)

#2 2025-06-23 12:25:12

tvidal
Member
Registered: 2020-06-18
Posts: 20

Re: [SOLVED] docker failing - iptables: Index of replacement too big.

It was my own fault, with the fix for another problem.

Removing the override file fixed the issue.

Offline
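
Added example, not part of the original posts: iptables prints "Index of replacement too big" when `-R CHAIN N` names a rule number N that the chain does not have, and in the journal above that message comes from a separate iptables process right before systemd reports the control process failing. The check below flags such commands in a unit or drop-in by comparing each `-R` index with the rule count in `iptables -S` output. The drop-in text is a constructed, hypothetical sample (the thread never shows the real override file); the rules are an excerpt of the `iptables -S` output posted above, and the function names are this example's own.

```shell
#!/bin/sh
# Constructed sample: a hypothetical drop-in. The real override file is not shown in the thread.
OVERRIDE='[Service]
ExecStartPost=/usr/bin/iptables -R DOCKER-USER 1 -j RETURN
ExecStartPost=/usr/bin/iptables -R DOCKER-FORWARD 2 -j DOCKER-ISOLATION-STAGE-1'

# Excerpt of the `iptables -S` output from post #1 (filter table).
RULES='-N DOCKER-FORWARD
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-FORWARD
-A DOCKER-FORWARD -j DOCKER-CT
-A DOCKER-FORWARD -j DOCKER-ISOLATION-STAGE-1
-A DOCKER-FORWARD -j DOCKER-BRIDGE
-A DOCKER-FORWARD -i docker0 -j ACCEPT'

# count_rules CHAIN RULES_TEXT: number of "-A CHAIN ..." lines, i.e. rules in the chain.
count_rules() {
    printf '%s\n' "$2" |
        awk -v c="$1" '$1 == "-A" && $2 == c { n++ } END { print n + 0 }'
}

# find_bad_replaces UNIT_TEXT RULES_TEXT: report every Exec* line that runs
# "iptables -R CHAIN N" with N larger than the number of rules in CHAIN.
# Only the filter table is considered, since RULES_TEXT comes from plain `iptables -S`.
find_bad_replaces() {
    unit=$1
    rules=$2
    printf '%s\n' "$unit" |
        sed -n 's/^Exec[A-Za-z]*=.*iptables.* -R  *\([^ ]*\)  *\([0-9][0-9]*\).*/\1 \2/p' |
        while read -r chain idx; do
            have=$(count_rules "$chain" "$rules")
            if [ "$idx" -gt "$have" ]; then
                echo "$chain: -R index $idx but chain has $have rule(s)"
            fi
        done
}

find_bad_replaces "$OVERRIDE" "$RULES"
```

On a live host the two inputs would come from `systemctl cat docker.service` and `iptables -S`, both run as root.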
