Merge pull request 'fix: remove apk add iptables-nft — built-in on Alpine 3.18+' (#27 ) from fix/vpn-iptables-nft-v2 into master

Reviewed-on: #27
2026-05-13 16:49:23 +00:00
1 changed files with 5 additions and 5 deletions
--- a/vpn/Dockerfile
+++ b/vpn/Dockerfile
@@ -2,8 +2,8 @@
 # Fixes crash-loop when host kernel lacks legacy iptable_nat module.
 FROM ghcr.io/wg-easy/wg-easy:latest
-# The upstream image registers only iptables-legacy with update-alternatives.
+# The upstream image defaults to iptables-legacy via update-alternatives.
-# iptables-nft binary exists but isn't registered as an alternative.
+# Switch iptables to the nftables backend (already provided by the 'iptables'
-# Override the alternatives-managed symlinks directly.
+# package on Alpine 3.18+). No apk add needed — iptables-nft is built-in.
-RUN ln -sf /usr/sbin/iptables-nft /usr/sbin/iptables && \
+RUN update-alternatives --set iptables /usr/sbin/iptables-nft && \
-    ln -sf /usr/sbin/ip6tables-nft /usr/sbin/ip6tables
+    update-alternatives --set ip6tables /usr/sbin/ip6tables-nft