For me, unexpected shutdowns caused some issues with the storage being mounted in read-only mode, maybe due to a weird corruption, which pretty much stops everything from working. I suggest checking the storage and the kernel logs (dmesg or logread) to see if these are OK with no serious errors; hopefully, if you find an error, it may be in a post here on the forum.
For restarting docker, try the following diagnosis:
Start docker with the below and check if docker is running again:
/etc/init.d/docker restart
If the above didn't work, first check that there aren't any instances of docker running and then start docker manually and check for errors in the output:
# check that docker is not running; the output should only show
# the grep command, meaning no other processes that match
# 'docker' are running
ps | grep docker
# start docker manually and check for any errors in the output,
# the below command will run in the foreground so you'll need
# another ssh session if you want to check things while keeping
# the first session with docker running on it. To stop docker
# process try hitting Ctrl+C or Ctrl+D.
/usr/bin/dockerd --config-file=/tmp/dockerd/daemon.json
opkg install docker
Package docker (20.10.16-1) installed in root is up to date.
/etc/init.d/docker restart
-ash: /etc/init.d/docker: not found
dmesg had a lot of stuff in it, not sure what's relevant or not. It's not my first time dealing with dockers in Linux-based systems; I've never had something like this happen. Would removing docker and reinstalling solve this? If so, what would happen to everything I set up until now?
dmesg | grep corrupt
[ 4.130069] FAT-fs (sda1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
fsck
-ash: fsck: not found
It only happened to me a couple of times and I didn't get the chance to write down the steps due to being in a rush. I recall having to run fsck.ext4 on the ext4 partition that had the root file system. Something like the below (this only applies if using x86/x86_64 with ext4 fs, not squash fs):
# to check the path of the partition, use fdisk on the disk path then type the letters p then q.
# type m for more help. Here it is assumed that /dev/sda is the disk in use but it could be
# a different path (in most cases it's usually /dev/sda)
fdisk /dev/sda
# use fsck to resolve corruption with the partition based on the path shown in fdisk, it
# should be the partition that does not have boot flag on. Answer the questions with y.
fsck.ext4 /dev/sda2
reboot
If the above didn't work due to command not found, then I guess you'll have to use a "Linux LiveCD" or a "Bootable Gparted image" and mount the disk to it to be able to run the above commands and fix the corruption.
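The two checks suggested in the posts above (storage mounted read-only, corruption messages in the kernel log) can be scripted. This is an added example, not part of the original posts; the function names are hypothetical and the sample input is constructed, apart from the FAT-fs line quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# List filesystems mounted read-only as "device mountpoint fstype".
# $1: file in /proc/mounts format (default: /proc/mounts, "-" for stdin).
ro_mounts() {
    awk '
        # Read-only by design on OpenWrt (squashfs /rom), or pseudo filesystems.
        $3 ~ /^(squashfs|proc|sysfs|tmpfs|devtmpfs|devpts|cgroup|cgroup2|debugfs|pstore)$/ { next }
        {
            # Match the exact option "ro", so "errors=remount-ro" is not a hit.
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "ro") { print $1, $2, $3; break }
        }
    ' "${1:-/proc/mounts}"
}

# Print kernel log lines that suggest filesystem damage.
# $1: file with saved dmesg output (default: stdin, e.g. dmesg | fs_errors).
fs_errors() {
    grep -iE 'not properly unmounted|corrupt|remounting filesystem read-only|EXT4-fs error|I/O error' "${1:--}"
}

# Constructed sample input; only the FAT-fs line is taken from the thread.
sample_mounts() {
    cat <<'EOF'
/dev/root /rom squashfs ro,relatime 0 0
/dev/sda2 / ext4 ro,noatime 0 0
/dev/sda1 /boot vfat rw,noatime,errors=remount-ro 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noatime 0 0
EOF
}
sample_dmesg() {
    cat <<'EOF'
[    4.130069] FAT-fs (sda1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[    4.512345] EXT4-fs (sda2): mounted filesystem with ordered data mode.
[   61.000001] EXT4-fs error (device sda2): ext4_lookup:1234: inode #12: comm dockerd: deleted inode referenced: 99
[   61.000050] EXT4-fs (sda2): Remounting filesystem read-only
EOF
}

echo "read-only mounts:";         sample_mounts | ro_mounts -
echo "suspect kernel log lines:"; sample_dmesg | fs_errors
```

On the router itself, run `ro_mounts` with no argument and `dmesg | fs_errors` to check the live system.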
Having the same issue: no internet connection from inside a container. There are some comments in /etc/config/dockerd about it being incompatible with fw4; that could be why it is not working at this time.
dockerd officially supports iptables only, not nftables, which is the core fw element in 22.03.
dockerd service requires some fix (search in the forum for the possible solution) to work in 22.03 properly.
blocked_interface + extra_iptables_args are the right way: the first tells it to disallow communication between the dockerd network stack and those interfaces in the list; the second tells it, as explained by the comment, to make outgoing traffic from the docker network and accept reply traffic. Obviously, if you don't want to allow wan (or any other interface) to communicate with the dockerd network stack, just use the blocked_interface option.
LXC is indeed a good alternative if you are not short of storage and if you're happy to do manual upgrades of OS + app instead of the docker pull & recreate & run sequence. There are benefits on both sides, use what is better for you. Or you can even use both in parallel.
LXC feels so much more lightweight than Docker and takes less space as well. Just like in Docker, it is possible to control resources and priorities and do other tricks.
Circling back on this one. I've followed the same tutorial listed in OP and still have internet. It looks like @grrr2 said something can work, with fixes, but need to search for those fixes. I've also read the other thread about nftables and dockerd, but still have no luck.
Is there a definitive list of fixes which allows pihole to be run via macvlan with OpenWRT and nftables?
What if you just use --network=host, fire up pihole, adjust ports as needed (e.g. move default dnsmasq to port 54 instead of 53, allowing pihole to bind port 53, etc.)?
I use adguard home with this kind of approach and it works. I could even use adguard as dhcp server, which I don't (*), so dnsmasq is still there, but that's up to you.
(*) because it is very limited, only supports one interface for example.