gortium/compose
1
1
Fork 0
Code Issues Pull Requests 18 Actions Packages Projects Releases Wiki Activity
Files
5e242eb94638e5e10aa5491d5094ae381b3cd321
compose/vpn/Dockerfile
Hermes 5e242eb946 fix: add iptables-nft to wg-easy for nftables-only kernels 
wg-easy's Alpine wg-quick uses legacy iptables which requires the
iptable_nat kernel module. On NixOS kernels compiled without legacy
netfilter modules, the container crashes in a restart loop:

  iptables v1.8.3 (legacy): can't initialize iptables table 'nat'
  Table does not exist (do you need to insmod?)

Fix: build a custom image that installs Alpine's iptables-nft package
and symlinks iptables -> iptables-nft (nftables backend).
2026-05-12 14:52:33 -04:00

17 lines
802 B
Docker
Raw Blame History

# Custom wg-easy with iptables-nft (nftables-backed iptables)
# Fixes crash-loop when host kernel lacks legacy iptable_nat module.
FROM weejewel/wg-easy:latest
# Alpine's iptables-nft provides iptables that uses nftables kernel API
# instead of the legacy iptable_nat module. This works on kernels
# where only nftables netfilter modules are available.
RUN apk add --no-cache iptables-nft
# Ensure iptables-nft takes priority over legacy iptables
RUN ln -sf /sbin/iptables-nft /sbin/iptables && \
ln -sf /sbin/iptables-nft-save /sbin/iptables-save && \
ln -sf /sbin/iptables-nft-restore /sbin/iptables-restore && \
ln -sf /sbin/ip6tables-nft /sbin/ip6tables && \
ln -sf /sbin/ip6tables-nft-save /sbin/ip6tables-save && \
ln -sf /sbin/ip6tables-nft-restore /sbin/ip6tables-restore
Reference in New Issue View Git Blame Copy Permalink