Failed to start docker-daemon: Firewalld: docker zone already exists

Question

I have the following after running firewall-cmd --get-active-zones

public
  interfaces: virbr0 docker0 lxcbr0 wlan0
trusted
  sources: 172.17.0.0/16 53.0.0.0/8

These are insights I got from failed to start daemon: Error initializing network controller: Error creating default "bridge" network

The problem is, sudo dockerd fails with error messages, among which there is

failed to start daemon: Error initializing network controller: Error creating default "bridge" network: Failed to program NAT chain: ZONE_CONFLICT: 'docker0' already bound to a zone

How to manipulate the zone so that I can start the docker daemon?

EDIT: This solution worked for me:

sudo firewall-cmd --permanent --new-zone=docker 
sudo firewall-cmd --reload
sudo firewall-cmd --permanent --zone=docker --add-interface=docker0

score 1 · Answer 1 · answered Mar 30 '23 at 15:11

this works (do all the steps):

Check if docker zone exists in firewall-cmd

$ firewall-cmd --get-active-zones

If "docker" zone is available, change interface to docker0 (not persisted)

$ sudo firewall-cmd --zone=docker --change-interface=docker0

If "docker" zone is available, change interface to docker0 (persisted, thanks rbjorklin)

$ sudo firewall-cmd --permanent --zone=docker --change-interface=docker0
$ sudo systemctl restart firewalld

credit: https://gist.github.com/reytech-dev/1cbbb158df374018be454537de32a428

score 0 · Answer 2 · answered Oct 27 '22 at 05:44

0

it was better to mention the solution in answers @Ilonpilaaja. this commands worked for me too:

sudo firewall-cmd --permanent --new-zone=docker 
sudo firewall-cmd --reload
sudo firewall-cmd --permanent --zone=docker --add-interface=docker0

answered Oct 27 '22 at 05:44

DaniyalVaghar

138
1
2
9

Failed to start docker-daemon: Firewalld: docker zone already exists

2 Answers2