<20210515133248.txheslwbqlzxzecn@disroot.org>

Hi, I'm wondering if it's possible to change the iptables family of commands to point to the iptables-nft* versions instead. Currently looking at Docker, which seems to put iptables rules in the legacy tables. Docker seems to just use iptables (https://docs.docker.com/network/iptables/) and the recommended solution seems to be to do something like:

    sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
    sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

However this is only for Debian based distributions.

I thought about wiping the table and using nftables (what I prefer) but the only issue with that is I would have to manually update it, as this person points out:
https://gist.github.com/goll/bdd6b43c2023f82d15729e9b0067de60#gistcomment-3738515

I also found that it interferes with LXD and KVM:
https://discuss.linuxcontainers.org/t/lxd-and-docker-firewall-redux-how-to-deal-with-forward-policy-set-to-drop/9953/7
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865975

In theory, if there was a nice way to make Alpine Linux use the iptables-nft* variants by default, then I should be able to continue to use nftables as usual for my manually created rules.

--
Daniel Gray (dng)
0x41911F722B0F9AE3
https://social.privacytools.io/@dngray
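The situation the message describes (Docker writing rules into the legacy backend while hand-written rules live in nftables) is worth checking for explicitly, because rules split across the two backends are evaluated independently and are easy to miss when auditing. Below is an added example, not code from the original message or from any project it mentions: a POSIX sh script that classifies which backend the `iptables` wrapper reports (`iptables -V` prints `(nf_tables)` or `(legacy)` with iptables 1.8+) and flags a mixed state when both `iptables-legacy-save` and `iptables-nft-save` contain rules. The two dumps embedded at the bottom are constructed samples standing in for real command output.

```shell
#!/bin/sh
# Added example (not part of the original message): detect the active
# iptables backend and whether rules exist in both legacy and nf_tables.

# Classify the backend from `iptables -V` output, e.g.
#   "iptables v1.8.7 (nf_tables)"  or  "iptables v1.8.7 (legacy)".
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Count rule lines (those beginning with "-A") in an iptables-save style dump.
# Chain declarations such as ":INPUT ACCEPT [0:0]" are not counted, so a
# backend with only default policies and no rules reports 0.
count_rules() {
    printf '%s\n' "$1" | grep -c '^-A' || true
}

# Compare a legacy dump and an nf_tables dump; "mixed" is the state that
# makes firewall auditing unreliable, since each backend filters on its own.
rule_placement() {
    legacy_n=$(count_rules "$1")
    nft_n=$(count_rules "$2")
    if [ "$legacy_n" -gt 0 ] && [ "$nft_n" -gt 0 ]; then
        echo mixed
    elif [ "$legacy_n" -gt 0 ]; then
        echo legacy-only
    elif [ "$nft_n" -gt 0 ]; then
        echo nf_tables-only
    else
        echo none
    fi
}

# Constructed sample dumps, shaped like iptables-legacy-save and
# iptables-nft-save output. The addresses and chains are made up.
SAMPLE_LEGACY='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:DOCKER - [0:0]
-A FORWARD -j DOCKER
-A DOCKER -d 172.17.0.2/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'
SAMPLE_NFT='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT'

# On a live host (root, iptables 1.8+) the real inputs would be:
#   iptables_backend "$(iptables -V)"
#   rule_placement "$(iptables-legacy-save)" "$(iptables-nft-save)"
echo "backend:   $(iptables_backend 'iptables v1.8.7 (legacy)')"
echo "placement: $(rule_placement "$SAMPLE_LEGACY" "$SAMPLE_NFT")"
```

With the constructed samples the script reports `mixed`; on a host where everything has been moved to one backend it reports `legacy-only` or `nf_tables-only`, which is the state to aim for before layering hand-written nftables rules on top.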
Hi, I'm wondering if it's possible to change iptables family of commands to point to the iptables-nft* versions instead. Currently looking at Docker which seem to to put iptables rules in the legacy tables. Docker seems to just use iptables https://docs.docker.com/network/iptables/ and the recommended solution seems to be to do something like: sudo update-alternatives --set iptables /usr/sbin/iptables-legacy sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy However this is only for Debian based distributions. I thought about wiping the table and using nftables (what I prefer) but the only issue with that is I would have to manually update it as this person points out. https://gist.github.com/goll/bdd6b43c2023f82d15729e9b0067de60#gistcomment-3738515 I also found that it interfers with LXD and KVM https://discuss.linuxcontainers.org/t/lxd-and-docker-firewall-redux-how-to-deal-with-forward-policy-set-to-drop/9953/7 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865975 In theory if there was a nice way to make Alpine Linux use the iptables-nft* variants by default, then I should be able to continue to use nftables as usual for my manual created rules. -- Daniel Gray (dng) 0x41911F722B0F9AE3 https://social.privacytools.io/@dngray