On RedHat Enterprise 9.x, the default ip_tables module has been replaced by nf_tables. The ip_tables module is now considered 'deprecated' and is not loaded by default, even after installing the iptables package.

sysctl sh
#
# iptables -t nat -L -v
iptables v1.8.7 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
#
#
# iptables -t mangle -L -v
iptables v1.8.7 (legacy): can't initialize iptables table `mangle': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
#
#

Manually loading the module using modprobe ip_tables resolves the issue.

[root@localhost ~]# modprobe ip_tables
[root@localhost ~]# docker restart cfos
[root@localhost ~]# docker exec -it cfos /bin/cli

On Ubuntu and other distributions, the module is loaded automatically, even without the iptables package installed.

For that module to be loaded on startup automatically, add it to a new file inside /etc/modules-load.d/ by running the following command:

[root@localhost ~]# echo ip_tables > /etc/modules-load.d/ip_tables.conf
[root@localhost ~]# cat /etc/modules-load.d/ip_tables.conf
ip_tables

To ensure that it has been loaded, run the following command:

[root@localhost ~]# lsmod | grep ip_tables

ip_tables

See the Red Hat documentation for more information on this: Chapter 3. Managing kernel modules | Red Hat Product Documentation