<aside> <img src="/icons/question-mark_brown.svg" alt="/icons/question-mark_brown.svg" width="40px" />

I am using docker in debian12 and I encounter following warning when running docker info

WARNING: bridge-nf-call-iptables is disabled

WARNING: bridge-nf-call-ip6tables is disabled

</aside>

1. Check the current value of the settings:

Run the following commands to check the current values of the relevant sysctl settings:

bash
Copy code
sysctl net.bridge.bridge-nf-call-iptables
sysctl net.bridge.bridge-nf-call-ip6tables

If the output shows 0, it means they are disabled (which is causing the warning).

• If you're encountering the following error: sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory Read further, otherwise jump to step 2

2. Apply the sysctl settings again

Now that the br_netfilter module is loaded, try setting the sysctl values again:

sudo sysctl -w net.bridge.bridge-nf-call-iptables=1
sudo sysctl -w net.bridge.bridge-nf-call-ip6tables=1

3. Make the changes permanent

To make sure the module is loaded automatically at boot and the settings persist, follow these steps:

a. Ensure the module loads at boot:

Add the br_netfilter module to the list of modules loaded at boot by editing /etc/modules-load.d/br_netfilter.conf:

sudo nano /etc/modules-load.d/br_netfilter.conf

Add the following line:

br_netfilter

Save the file and exit.

b. Add the sysctl settings:

Edit your /etc/sysctl.conf or create a custom sysctl configuration file in /etc/sysctl.d/ to ensure the settings persist after reboot.