docker-engine does not have dependency on ip6tables - iptables rules don't get deleted when stopping container
I found that if you start a container and map a port to it, when you stop the container (and even delete it) the IPtables rule remains.
The docker-engine has a dependency upon iptables, but not ip6tables.
When you install ip6tables and restart docker daemon, it works as expected.
You will see when debugging docker daemon the following warning:
WARN Failed to find ip6tables: exec: "ip6tables": executable file not found in $PATH
But there is no mention of it being referenced when starting or stopping containers.
This fix has been tested three times, and proven to work.