免重启解决docker No chain/target/match by that name 免重启解决方案

问题原因和基本思路

网上通用方案就是重启，然后通过docker的生命函数重新创建网桥，出现这个情况的原因就是因为iptables里面丢失了网桥配置，导致主机和容器网络不通，所以需要我们恢复网桥链接通过iptables，那么这个配置文件的重新载入就能实现

我们通过iptables -L -n | grep DOCKER ，可以看到如果没有证明docker的网桥配置丢失了那还搞个屁

【保存现在的配置】

iptables-save > my.ipt 
#将这个内存的映射导出到当前目录

【查看配置】

vim my.ipt

查看文件如下，为了将原有配置跟docker配置合并所以需要下载原来的文件避免出现其它问题

 #Generated by iptables-save v1.4.21 on Thu Feb  1 16:33:12 2024
*filter
:INPUT ACCEPT [106581789:28976139577]
:FORWARD ACCEPT [147087:8825220]
:OUTPUT ACCEPT [116406101:43593334612]
COMMIT
#Completed on Thu Feb  1 16:33:12 2024
#Generated by iptables-save v1.4.21 on Thu Feb  1 16:33:12 2024
*nat
:PREROUTING ACCEPT [207224:12269475]
:INPUT ACCEPT [89680:5216807]
:OUTPUT ACCEPT [763177:50807942]
:POSTROUTING ACCEPT [880721:57860610]
COMMIT
#Completed on Thu Feb  1 16:33:12 2024
Ps：*[表名就是]

【追加配置】

nat表增加：
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN


filter表增加：
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN

结果：
#Generated by iptables-save v1.4.21 on Thu Feb  1 16:33:12 2024

*filter
:INPUT ACCEPT [106581789:28976139577]
:FORWARD ACCEPT [147087:8825220]
:OUTPUT ACCEPT [116406101:43593334612]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
COMMIT
#Completed on Thu Feb  1 16:33:12 2024
#Generated by iptables-save v1.4.21 on Thu Feb  1 16:33:12 2024
*nat
:PREROUTING ACCEPT [207224:12269475]
:INPUT ACCEPT [89680:5216807]
:OUTPUT ACCEPT [763177:50807942]
:POSTROUTING ACCEPT [880721:57860610]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT

【重新载入配置】

iptables-restore < my.ipt

【查看结果】

iptables -L -n | grep DOCKER