Docker doesn't launch after updating to 25.12.2: Failed to Setup IP tables

g7fqc · April 4, 2026, 7:48pm

I upgraded my MT6000 from 24.10.4 to 25.12.2, and now dockerd refuses to start, with the following logs every time:

[Apr 4, 2026, 3:14:51 PM EDT] daemon.err: modprobe: failed to find a module named aufs
[Apr 4, 2026, 3:14:52 PM EDT] daemon.err: dockerd[5854]: time="2026-04-04T19:14:52.810161910Z" level=warning msg="Could not load necessary modules for IPSEC rules: protocol not supported"
[Apr 4, 2026, 3:14:52 PM EDT] daemon.info: modprobe: nf_conntrack is already loaded
[Apr 4, 2026, 3:14:52 PM EDT] daemon.err: modprobe: failed to find a module named nf_conntrack_netlink
[Apr 4, 2026, 3:14:53 PM EDT] daemon.err: dockerd[5854]: time="2026-04-04T19:14:52.997940794Z" level=warning msg="could not create bridge network for id 8af771f8b6b73185758ef491b88a212aa4996988ea0537a196f30b89be734dab bridge name docker0 while booting up from persistent state: Failed to Setup IP tables: Unable to enable NAT rule:  (iptables failed: iptables --wait -t nat -I POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE: iptables v1.8.10 (nf_tables):  CHAIN_ADD failed (No such file or directory): chain POSTROUTING\n (exit status 4))"
[Apr 4, 2026, 3:14:54 PM EDT] daemon.err: dockerd[5854]: failed to start daemon: Error initializing network controller: error creating default "bridge" network: Failed to Setup IP tables: Unable to enable NAT rule:  (iptables failed: iptables --wait -t nat -I POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE: iptables v1.8.10 (nf_tables):  CHAIN_ADD failed (No such file or directory): chain POSTROUTING
[Apr 4, 2026, 3:14:54 PM EDT] daemon.err: dockerd[5854]:  (exit status 4))

I installed kmod-nf-conntrack-netlink and kmod-ipsec, and wiped my docker directory to reduce it to:

[Apr 4, 2026, 3:45:31 PM EDT] daemon.err: modprobe: failed to find a module named aufs
[Apr 4, 2026, 3:45:33 PM EDT] daemon.info: modprobe: nf_conntrack is already loaded
[Apr 4, 2026, 3:45:33 PM EDT] daemon.info: modprobe: nf_conntrack_netlink is already loaded
[Apr 4, 2026, 3:45:34 PM EDT] daemon.err: dockerd[5272]: failed to start daemon: Error initializing network controller: error creating default "bridge" network: Failed to Setup IP tables: Unable to enable NAT rule:  (iptables failed: iptables --wait -t nat -I POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE: iptables v1.8.10 (nf_tables):  CHAIN_ADD failed (No such file or directory): chain POSTROUTING
[Apr 4, 2026, 3:45:34 PM EDT] daemon.err: dockerd[5272]:  (exit status 4))

But I'm not able to figure out what other dependencies/changes are needed. iptables -N POSTROUTING has no effect.

g7fqc · April 4, 2026, 9:18pm

For some reason owut moved me from firewall4 to firewall, switching back fixed the issue.

system · April 14, 2026, 9:18pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.