I maintain an application on Alpine, and I have become a little confused
about the distribution's preferred firewall stack. Until now, I have
used awall. Recently, I found that my approach had to change slightly,
because Alpine 3.23 does not by default provide the ip_tables module:

# modprobe ip_tables
modprobe: FATAL: Module ip_tables not found in directory /lib/modules/6.18.2-0-virt

Awall still seems to work due to the presence of x_tables, but this led
me to do some research that left me uncertain. Here are the questions I
am left with after reading several pieces of documentation:

It seems x_tables is old (e.g., https://lwn.net/Articles/155118/). Did
something change recently in Alpine to remove ip_tables (the kernel
module)?

Is it true that awall is tied to iptables (the utility)?

Does this mean that awall does not make use of nftables (the kernel
module)?

Which is preferred, awall or nftables?

Alpine's documentation still instructs to modprobe ip_tables
(https://wiki.alpinelinux.org/wiki/How-To_Alpine_Wall). Is this
now incorrect?

I am presently building Alpine installs using
https://dl-cdn.alpinelinux.org/alpine/v3.23/releases/x86_64/alpine-virt-3.23.0-x86_64.iso.
--
Mike
:wq
W. Michael Petullo wrote on Fri, Jan 02, 2026 at 07:32:30PM -0600:
> I maintain an application on Alpine, and I have become a little confused
> about the distribution's preferred firewall stack. Until now, I have
> used awall. Recently, I found that my approach had to change slightly,
> because Alpine 3.23 does not by default provide the ip_tables module:
FWIW, Alpine 3.19 changed the default iptables package from
iptables-legacy to iptables-nft, so iptables commands (and thus, as far
as I understand, awall as well, although I didn't check) should not use
the ip_tables module, but nftables.
If you still pull in iptables-legacy, try using iptables-nft from the
iptables package.
--
Dominique Martinet | Asmadeus
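
A way to check which backend an install is actually using, as an added example that is not part of the thread. It relies on iptables 1.8 and later printing "(nf_tables)" or "(legacy)" in `iptables -V`; the function names and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example: report which backend the iptables binary uses and whether
# the kernel module that backend needs is loaded.

# Map `iptables -V` output to a backend name.
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nft ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Succeed if module $1 is listed in /proc/modules-format text $2.
# A module built into the kernel does not appear in /proc/modules.
module_loaded() {
    printf '%s\n' "$2" | awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

# Combine both facts into a one-line verdict.
firewall_stack() {
    backend=$(iptables_backend "$1")
    case "$backend" in
        nft)    want=nf_tables ;;
        legacy) want=ip_tables ;;
        *)      echo "unknown backend"; return 0 ;;
    esac
    if module_loaded "$want" "$2"; then
        echo "$backend: $want loaded"
    else
        echo "$backend: $want not loaded"
    fi
}

# Constructed sample input (not captured from a real system).
SAMPLE_VERSION='iptables v1.8.10 (nf_tables)'
SAMPLE_MODULES='nf_tables 376832 12 nft_compat, Live 0x0000000000000000
x_tables 65536 3 nft_compat,xt_tcpudp, Live 0x0000000000000000'

firewall_stack "$SAMPLE_VERSION" "$SAMPLE_MODULES"

# On a live system:
#   firewall_stack "$(iptables -V)" "$(cat /proc/modules)"
```

A "legacy: ip_tables not loaded" verdict means the legacy binary is installed but the module it needs is absent, which matches the modprobe failure in the original message.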
In my view, due to Maya (Illusion, better known as AI), it is impossible to classify bad packets from good ones. Text Maya is already solved and Alpine should add good packages for Maya, like torch7 and cutorch.
LLMs program so well that programming LLMs like Qwen, specialized for a certain language, are very important.
We at Whitelist Tech, therefore, say whitelisting is the future, i.e., whitelist certain IPs, using nftables.
On 3 January 2026 7:02:30 am IST, "W. Michael Petullo" <mike@flyn.org> wrote:
>I maintain an application on Alpine, and I have become a little confused
>about the distribution's preferred firewall stack. Until now, I have
>used awall. Recently, I found that my approach had to change slightly,
>because Alpine 3.23 does not by default provide the ip_tables module:
>
># modprobe ip_tables
>modprobe: FATAL: Module ip_tables not found in directory /lib/modules/6.18.2-0-virt
>
>Awall still seems to work due to the presence of x_tables, but this led
>me to do some research that left me uncertain. Here are the questions I
>am left with after reading several pieces of documentation:
>
>It seems x_tables is old (e.g., https://lwn.net/Articles/155118/). Did
>something change recently in Alpine to remove ip_tables (the kernel
>module)?
>
>Is it true that awall is tied to iptables (the utility)?
>
>Does this mean that awall does not make use of nftables (the kernel
>module)?
>
>Which is preferred, awall or nftables?
>
>Alpine's documentation still instructs to modprobe ip_tables
>(https://wiki.alpinelinux.org/wiki/How-To_Alpine_Wall). Is this
>now incorrect?
>
>I am presently building Alpine installs using
>https://dl-cdn.alpinelinux.org/alpine/v3.23/releases/x86_64/alpine-virt-3.23.0-x86_64.iso.
>
===============
Thanking you
Sagar Acharya
https://whitelist.co.in