This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
I tired to enable the new docker support after upgrading to CSF 12.00 and remove our old csfpost.sh but I get this when I try to restart CSF on our Plesk server (using csf generic). It looks like the docker0 device isn't being passed to the new rules? In our upgraded csf.conf there was no DOCKER_DEVICE setting present in the config file.
[root@dev0.server~]# csf -r
Bad argument `MASQUERADE'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `conntrack'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `ACCEPT'
Try `iptables -h' or 'iptables --help' for more information.
*ERROR* line:[1252]
Command:[/sbin/iptables -t nat -A POSTROUTING -s 172.17.0.0/16 ! -o -j MASQUERADE]
Error:[Bad argument `MASQUERADE']
You should check through the main output carefully
*ERROR* line:[1253]
Command:[/sbin/iptables -A FORWARD -o -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT]
Error:[Bad argument `conntrack']
You should check through the main output carefully
*ERROR* line:[1254]
Command:[/sbin/iptables -A FORWARD -i ! -o -j ACCEPT]
Error:[Bad argument `ACCEPT']
You should check through the main output carefully
Update: manually adding the DOCKER_DEVICE missing option below to the docker section in /etc/csf/csf.conf fixed the problem:
Does this still work for you? I cannot make CSF play nice with Docker. Latest Docker and latest CentOS 7.
Initially it seems to work. I can launch containers, restart, etc. But then if I make some change on CSF and restart it, Docker will complain about iptables rules. It seems restarting the Docker service fixes this but I'm sure if that is the issue because even restarting the server will not fix this until you restart the Docker service manually which seems really strange.