init-firewall.sh fails: "Failed to extract Docker DNS port" on fresh project setup #921

@MauricioKruijer

Description

Hello there, I just installed these files in a fresh Symfony project and I am running into issues with devcontainers.

The postStartCommand fails because init-firewall.sh cannot extract the Docker DNS port; this is preventing the devcontainer from completing its setup.

VSCode outputs:

Running the postStartCommand from devcontainer.json...

[7833 ms] Start: Run in container: /bin/sh -c sudo .devcontainer/init-firewall.sh
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them
No Docker DNS rules to restore
Fetching GitHub IP ranges...
Adding GitHub range ...truncate...
ERROR: Failed to extract Docker DNS port

What's next:
    Try Docker Debug for seamless, persistent debugging tools in any container or image → docker debug da2e9bc561bad90071cbee4934668d2817af68581e245527b09990dce6befd56
    Learn more at https://docs.docker.com/go/debug-cli/
[8294 ms] postStartCommand from devcontainer.json failed with exit code 1. Skipping any further user-provided commands.

And PhpStorm finds a whole set of different errors, which is a bit unfortunate because that is my preferred IDE.

I believe postStartCommand is triggered automatically by the Dev Containers VSCode extension. I am currently in the dark as to where to look to get this going.

Steps to reproduce

# change dir to empty / project folder
cd Development 

# checkout this repo
git clone git@github.com:dunglas/symfony-docker.git

# create a fresh symfony project
symfony new my-project

# cd into this repo project folder
cd symfony-docker

# copy files to symfony app (https://github.com/dunglas/symfony-docker/blob/main/docs/existing-project.md)
git archive --format=tar HEAD | tar -xC ../my-project/

# change to symfony project dir
cd ../my-project

# keep initial composer.json file
git checkout composer.json

# commit changes
git add .
git commit -m "feat: add symfony-docker setup"

# build / run containers
docker compose build --pull --no-cache
docker compose up --wait

# open vscode
code .

Follow quick start guide from https://github.com/dunglas/symfony-docker/blob/main/docs/claude-code.md

  1. Open the project in Visual Studio Code.
  2. When prompted "Reopen in Container", click Reopen in Container.
    Alternatively, open the Command Palette (Ctrl+Shift+P / Cmd+Shift+P) and run
    Dev Containers: Reopen in Container.
  3. Wait for the container to build and start. On each container start, the
    postStartCommand configures the firewall automatically.
  4. Claude Code is pre-installed and configured in YOLO mode — open the Claude Code
    panel in Visual Studio Code or run claude in the integrated terminal to start using it.

That's it. Claude Code will run without permission prompts, and the firewall ensures
network access is restricted to only the necessary services.

That's where I get stuck

I do not see a prompt with "Reopen in Container", so I try the alternative using the Command Palette; that is where I run into the error mentioned above, see screenshot:

Image

This is really unfortunate because I really like the idea of having Claude running behind a firewall.

Environment

OS: macOS 13.7.8 (Ventura)
Docker Desktop: v4.35.1
VSCode: 1.113.0
Dev Containers extension: 0.447.0
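
Added example, not part of the original issue and not symfony-docker's init-firewall.sh (whose extraction logic is not shown on this page): a shell check that looks in an `iptables-save` dump for the nat-table DNAT rules Docker's embedded resolver at 127.0.0.11 relies on, and separates "port found" from "legacy tables present, rules possibly under the other iptables backend" (the warning in the log above) and "no rules at all". The function names and both sample dumps are constructed for illustration.

```shell
# Added diagnostic sketch; not taken from symfony-docker's init-firewall.sh.

# Read iptables-save text on stdin and print the port that DNS traffic to
# Docker's embedded resolver (127.0.0.11:53) is DNAT'ed to. Exit 1 if absent.
docker_dns_port() {
    awk -v proto="${1:-udp}" '
        $1 == "-A" {
            d = p = dp = to = ""
            for (i = 2; i < NF; i++) {
                if ($i == "-d") d = $(i + 1)
                else if ($i == "-p") p = $(i + 1)
                else if ($i == "--dport") dp = $(i + 1)
                else if ($i == "--to-destination") to = $(i + 1)
            }
            if ((d == "127.0.0.11/32" || d == "127.0.0.11") &&
                p == proto && dp == "53" && to != "") {
                n = split(to, part, ":"); print part[n]; found = 1; exit
            }
        }
        END { exit !found }'
}

# Classify a capture of `iptables-save -t nat 2>&1` read from stdin.
# Prints "port <n>", "legacy-backend" or "no-rules".
diagnose_dns_rules() {
    capture=$(cat)
    if port=$(printf '%s\n' "$capture" | docker_dns_port udp); then
        echo "port $port"
    elif printf '%s\n' "$capture" | grep -q 'iptables-legacy tables present'; then
        # Legacy tables exist: the rules may sit under the other backend.
        echo "legacy-backend"
    else
        echo "no-rules"
    fi
}

# Constructed sample dumps (not captured from the reporter's container).
SAMPLE_HIDDEN='# Warning: iptables-legacy tables present, use iptables-legacy-save to see them
*nat
:OUTPUT ACCEPT [0:0]
COMMIT'
SAMPLE_VISIBLE='*nat
:DOCKER_OUTPUT - [0:0]
-A DOCKER_OUTPUT -d 127.0.0.11/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.11:39123
-A DOCKER_OUTPUT -d 127.0.0.11/32 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.11:52341
COMMIT'

printf '%s\n' "$SAMPLE_HIDDEN" | diagnose_dns_rules    # legacy-backend
printf '%s\n' "$SAMPLE_VISIBLE" | diagnose_dns_rules   # port 52341
```

Inside the container, piping `iptables-save -t nat 2>&1` into `diagnose_dns_rules` gives the same classification for the live rule set.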
