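# Custom wg-easy with iptables-nft (nftables-backed iptables)
# Fixes crash-loop when host kernel lacks legacy iptable_nat module.
#
# The base tag is a build argument so that a build can select a specific,
# reviewed release (--build-arg WG_EASY_TAG=<release-tag>) without editing this
# file. The default stays `latest` for backward compatibility, which means the
# base image content can change from one build to the next; set the argument
# to a fixed tag when the image has to be reproducible and auditable.
ARG WG_EASY_TAG=latest
FROM weejewel/wg-easy:${WG_EASY_TAG}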
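# Alpine's iptables-nft provides iptables that uses the nftables kernel API
# instead of the legacy iptable_nat module. This works on kernels where only
# nftables netfilter modules are available.
#
# Install and symlink in one layer so the image never has a layer where the
# package is present but the legacy commands still take priority.
#
# The package is unpinned, so its version follows whatever the base image's
# Alpine repositories serve at build time.
#
# `ln -sf` succeeds even when its target does not exist, so the two trailing
# --version checks fail the build unless iptables and ip6tables both resolve
# to the nf_tables backend. grep is the last command in each pipe: a missing
# or failing binary produces no match and therefore fails the step. Without
# the checks a broken swap would only surface at container start.
RUN apk add --no-cache iptables-nft && \
    ln -sf /sbin/iptables-nft /sbin/iptables && \
    ln -sf /sbin/iptables-nft-save /sbin/iptables-save && \
    ln -sf /sbin/iptables-nft-restore /sbin/iptables-restore && \
    ln -sf /sbin/ip6tables-nft /sbin/ip6tables && \
    ln -sf /sbin/ip6tables-nft-save /sbin/ip6tables-save && \
    ln -sf /sbin/ip6tables-nft-restore /sbin/ip6tables-restore && \
    /sbin/iptables --version | grep -q nf_tables && \
    /sbin/ip6tables --version | grep -q nf_tables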