OTBR Docker Container - failed to start firewall service

[FHFS]

I was working with the otbr docker container last year, it was working ok. I was trying out a new RCP firmware today and recreated the container. Now the container wont start. I did see that the container image was updated a few days ago. Is there a way to use a older docker image? I don't see any older images in the tags tab at https://hub.docker.com/r/openthread/otbr/tags?page=1&ordering=last_updated

pi@raspberrypi:~ $ docker run --sysctl "net.ipv6.conf.all.disable_ipv6=0 net.ipv4.conf.all.forwarding=1 net.ipv6.conf.all.forwarding=1" -p 8080:80 --dns=127.0.0.1 -it --volume /dev/ttyACM0:/dev/ttyACM0 --privileged openthread/otbr --radio-url spinel+hdlc+uart:///dev/ttyACM0?uart-baudrate=115200
WARNING: Localhost DNS setting (--dns=127.0.0.1) may fail in containers.
RADIO_URL: spinel+hdlc+uart:///dev/ttyACM0?uart-baudrate=115200
TUN_INTERFACE_NAME: wpan0
BACKBONE_INTERFACE: eth0
NAT64_PREFIX: 64:ff9b::/96
AUTO_PREFIX_ROUTE: true
AUTO_PREFIX_SLAAC: true
+++ dirname /app/script/server
++ cd /app/script/..
++ [[ ! -n x ]]
++ echo 'Current platform is ubuntu'
Current platform is ubuntu
++ with BORDER_ROUTING
++ local value
+++ printenv BORDER_ROUTING
++ value=1
++ [[ -z 1 ]]
++ [[ 1 == 1 ]]
++ with DHCPV6_PD
++ local value
+++ printenv DHCPV6_PD
++ value=
++ [[ -z '' ]]
++ [[ -f examples/platforms/ubuntu/default ]]
++ [[ '' == 1 ]]
++ with BORDER_ROUTING
++ local value
+++ printenv BORDER_ROUTING
++ value=1
++ [[ -z 1 ]]
++ [[ 1 == 1 ]]
++ with NETWORK_MANAGER
++ local value
+++ printenv NETWORK_MANAGER
++ value=
++ [[ -z '' ]]
++ [[ -f examples/platforms/ubuntu/default ]]
++ [[ '' == 1 ]]
++ STAGE_DIR=/app/stage
++ BUILD_DIR=/app/build
++ [[ -d /app/stage ]]
++ mkdir -v -p /app/stage
mkdir: created directory '/app/stage'
++ [[ -d /app/build ]]
++ mkdir -v -p /app/build
mkdir: created directory '/app/build'
++ export PATH=/app/stage/usr/bin:/app/stage/usr/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
++ PATH=/app/stage/usr/bin:/app/stage/usr/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+++ basename /app/script/server
++ TASKNAME=server
++ BEFORE_HOOK=examples/platforms/ubuntu/before_server
++ AFTER_HOOK=examples/platforms/ubuntu/after_server
++ [[ ! -f examples/platforms/ubuntu/before_server ]]
++ BEFORE_HOOK=/dev/null
++ [[ ! -f examples/platforms/ubuntu/after_server ]]
++ AFTER_HOOK=/dev/null
+ . script/_nat64
++ TAYGA_DEFAULT=/etc/default/tayga
++ TAYGA_CONF=/etc/tayga.conf
++ TAYGA_IPV4_ADDR=192.168.255.1
++ TAYGA_IPV6_ADDR=fdaa:bb:1::1
++ TAYGA_TUN_V6_ADDR=fdaa:bb:1::2
++ NAT44_SERVICE=/etc/init.d/otbr-nat44
++ WLAN_IFNAMES=eth0
+ . script/_dns64
++ BIND_CONF_OPTIONS=/etc/bind/named.conf.options
++ NAT64_PREFIX=64:ff9b::/96
++ DNS64_NAMESERVER_ADDR=127.0.0.1
+++ echo 64:ff9b::/96
+++ tr '"/"' '"/"'
++ DNS64_CONF='dns64 64:ff9b::/96 { clients { thread; }; recursive-only yes; };'
++ without NAT64
++ with NAT64
++ local value
+++ printenv NAT64
++ value=1
++ [[ -z 1 ]]
++ [[ 1 == 1 ]]
++ test ubuntu = ubuntu
++ '[' ubuntu = raspbian ']'
++ '[' ubuntu = beagleboneblack ']'
++ '[' ubuntu = ubuntu ']'
++ RESOLV_CONF_HEAD=/etc/resolvconf/resolv.conf.d/head
+ . script/_firewall
++ FIREWALL_SERVICE=/etc/init.d/otbr-firewall
++ sudo modprobe ip6table_filter
sudo: modprobe: command not found
++ true
+ main
+ . /dev/null
+ sudo sysctl --system
* Applying /etc/sysctl.d/10-console-messages.conf ...
kernel.printk = 4 4 1 7
* Applying /etc/sysctl.d/10-ipv6-privacy.conf ...
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
* Applying /etc/sysctl.d/10-kernel-hardening.conf ...
kernel.kptr_restrict = 1
* Applying /etc/sysctl.d/10-link-restrictions.conf ...
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/10-magic-sysrq.conf ...
kernel.sysrq = 176
* Applying /etc/sysctl.d/10-network-security.conf ...
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
* Applying /etc/sysctl.d/10-ptrace.conf ...
* Applying /etc/sysctl.d/10-zeropage.conf ...
vm.mmap_min_addr = 32768
* Applying /etc/sysctl.d/60-otbr-accept-ra.conf ...
net.ipv6.conf.eth0.accept_ra = 2
net.ipv6.conf.eth0.accept_ra_rt_info_max_plen = 64
* Applying /etc/sysctl.d/60-otbr-ip-forward.conf ...
net.ipv6.conf.all.forwarding = 1
net.ipv4.ip_forward = 1
* Applying /etc/sysctl.conf ...
+ nat64_start
+ with NAT64
+ local value
++ printenv NAT64
+ value=1
+ [[ -z 1 ]]
+ [[ 1 == 1 ]]
+ with DOCKER
+ local value
++ printenv DOCKER
+ value=1
+ [[ -z 1 ]]
+ [[ 1 == 1 ]]
+ service tayga start
 * Starting userspace NAT64 tayga                                                                                [ OK ]
+ dns64_start
+ with NAT64
+ local value
++ printenv NAT64
+ value=1
+ [[ -z 1 ]]
+ [[ 1 == 1 ]]
+ with DNS64
+ local value
++ printenv DNS64
+ value=1
+ [[ -z 1 ]]
+ [[ 1 == 1 ]]
++ _detect_service_name
++ dpkg -L bind9
++ grep /etc/init.d/
++ cut -d/ -f4
+ service_name=bind9
+ have systemctl
+ command -v systemctl
+ command -v service
/usr/sbin/service
+ sudo service bind9 start
 * Starting domain name service... bind9                                                                         [ OK ]
+ firewall_start
+ with DOCKER
+ local value
++ printenv DOCKER
+ value=1
+ [[ -z 1 ]]
+ [[ 1 == 1 ]]
+ service otbr-firewall start
ip6tables v1.6.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
ip6tables v1.6.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
ip6tables v1.6.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
ip6tables v1.6.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
ip6tables v1.6.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
ip6tables v1.6.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
ip6tables v1.6.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
+ die 'Failed to start firewall service'
+ echo ' *** ERROR:  Failed to start firewall service'
 *** ERROR:  Failed to start firewall service
+ exit 1
tail: cannot open '/var/log/syslog' for reading: No such file or directory
tail: no files remaining

[jwhui]

We recently updated the OTBR Docker Guide with a step to load kernel modules for ip6tables. See Step 6 in Docker Support - Overview - Linux setup. Can you see if that helps?

[FHFS]

I will check tomorrow. If it's new you must be right.

[FHFS]

Thanks! modprobe on the device works perfectly