Rob Murray

The log snippet looks like it was generated with `"iptables": false` ... that would prevent devices being added to the firewalld zone. (If you've re-enabled `iptables` by editing `daemon.json`, you'll...

Thank you @ep1p ... I think I've managed to repro the problem now. So far, I'm still mystified (!), but at least I've got something to look at.

When the daemon starts, if either `iptables` or `ip6tables` are enabled, it loads the `br-netfilter` module so that it's possible to filter packets traversing bridges. https://github.com/moby/moby/blob/b3c775059314039807862defe9f531c2bca049db/libnetwork/drivers/bridge/bridge_linux.go#L508-L514 When the module loads,...

> So, I think the fix will be to disable them all, if the daemon loads the module during startup. They'll then be enabled if needed. Or maybe, only try...

Rebased (to get rid of the DNS commits), and updated the comment Cory commented on.

The `postgres:10` image has `"ExposedPorts": { "5432/tcp": {} }` - and the [daemon code](https://github.com/moby/moby/blob/20d5f062b46da5cfddc04498f01a67f58dcaf57e/daemon/commit.go#L28-L36) to merge exposed ports from the image and the `container create` request doesn't notice that's the...

Just found a previous PR/discussion related to address pool sizes. So, linking it here, but it looks like that work stalled in April last year ... - https://github.com/moby/moby/pull/47737#issuecomment-2078055376

> Actually, I take that back; one implication of the upstream changes is the daemon won't be able to treat `/24` style subnet requests as implicit `0.0.0.0/N` or `::/N` prefixes...

https://github.com/moby/moby/pull/51134 is merged now ... so the change needed here is to check for the unspecified address in the subnet in `ipamConfig` (as well as a missing subnet in the...

> Updated that block and added a new integration test that validates stable subnets for v4, v6, and dual stack networks on restart. Excellent, thank you! I'll take a final...