Received: from submarine.notk.org (submarine.notk.org [62.210.214.84])
	by gbr-app-1.alpinelinux.org (Postfix) with ESMTPS id E486E2235F8
	for <~alpine/devel@lists.alpinelinux.org>; Sat,  3 Jan 2026 04:51:21 +0000 (UTC)
Received: from gaia.codewreck.org (localhost [127.0.0.1])
	by submarine.notk.org (Postfix) with ESMTPS id 0A4F814C2D6;
	Sat,  3 Jan 2026 05:51:19 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=codewreck.org;
	s=2; t=1767415880;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=+/lGvJBCPNG8tYnyu+W7sjQZ532nFa2V8hZHfPda2jo=;
	b=2wLT7GDOFsFE2FFe5hRF79r7CvepJBgRGyWcwyI2cXowu7IIOhpXbbBAPOJY3jpqLO6j19
	sHL/40OHyMxbUYHmnEe/Ooq0iPEInh4IG+/nnog+KbO8KBlvC+U7mDjKZ2RQMVuKNee0c6
	mEnStg+tIBi3j1ahby8aSRXxJ/tSfB4Prp66WVlOhEj7Tz33xx5n1WwnwWbrYTpXB9HY85
	CTnHKhdkqIdr7uN0BdSfHDRyVddIlKt+o6z2om/ni8tciLs3txG7TSI8knopona0VSsVfX
	RSvhjeBs/gjqyGOmIElSJA3/2IBU3Tu25xDsOEG4OgKYuwabTmP03bRebMIrYw==
Received: from localhost (gaia.codewreck.org [local])
	by gaia.codewreck.org (OpenSMTPD) with ESMTPA id 79677ace;
	Sat, 3 Jan 2026 04:51:18 +0000 (UTC)
Date: Sat, 3 Jan 2026 13:51:03 +0900
From: Dominique Martinet <asmadeus@codewreck.org>
To: "W. Michael Petullo" <mike@flyn.org>
Cc: ~alpine/devel@lists.alpinelinux.org
Subject: Re: Preferred firewall
Message-ID: <aVigNx0R5idi1JkJ@codewreck.org>
References: <aVhxrpww1wvEmBWB@imp.flyn.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <aVhxrpww1wvEmBWB@imp.flyn.org>

W. Michael Petullo wrote on Fri, Jan 02, 2026 at 07:32:30PM -0600:
> I maintain an application on Alpine, and I have become a little confused
> about the distribution's preferred firewall stack. Until now, I have
> used awall. Recently, I found that my approach had to change slightly,
> because Alpine 3.23 does not by default provide the ip_tables module:

FWIW alpine 3.19 changed the default iptables package from
iptables-legacy to iptables-nft, so iptables commands (and thus as far
as I understand awall as well, although I didn't check) should not use
the ip_tables module, but nftables

If you still pull in iptables-legacy try using iptables-nft from the
iptables package

-- 
Dominique Martinet | Asmadeus