hotfix(firewall): support iptables-legacy for older kernels

Quentin McGaw
2024-05-02 16:54:29 +00:00
parent 6dd27e53d4
commit fb145d68a0
3 changed files with 3 additions and 3 deletions


@@ -218,7 +218,7 @@ RUN apk add --no-cache --update -l wget && \
apk add --no-cache --update -X "https://dl-cdn.alpinelinux.org/alpine/v3.17/main" openvpn\~2.5 && \
mv /usr/sbin/openvpn /usr/sbin/openvpn2.5 && \
apk del openvpn && \
apk add --no-cache --update openvpn ca-certificates iptables ip6tables unbound tzdata && \
apk add --no-cache --update openvpn ca-certificates iptables iptables-legacy unbound tzdata && \
mv /usr/sbin/openvpn /usr/sbin/openvpn2.6 && \
# Fix vulnerability issue
apk add --no-cache --update busybox && \
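Review bot: The changed `apk add` line drops `ip6tables` from the package list while adding `iptables-legacy`, and nothing in this hunk shows which package now provides the `ip6tables`, `ip6tables-nft` and `ip6tables-legacy` binaries that the Go side of this commit probes for. If they are missing from the image, `findIP6tablesSupported` maps the not-supported error to an empty path and a nil error, so IPv6 filtering would presumably be skipped without failing startup. I would confirm on the target Alpine release that the binaries are present and record it next to the line, e.g. `# ip6tables* binaries are shipped by iptables and iptables-legacy on this Alpine release`. The RUN instruction starts and ends outside the hunk.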


@@ -38,7 +38,7 @@ type Config struct { //nolint:maligned
func NewConfig(ctx context.Context, logger Logger,
runner command.Runner, defaultRoutes []routing.DefaultRoute,
localNetworks []routing.LocalNetwork) (config *Config, err error) {
iptables, err := checkIptablesSupport(ctx, runner, "iptables", "iptables-nft")
iptables, err := checkIptablesSupport(ctx, runner, "iptables", "iptables-nft", "iptables-legacy")
if err != nil {
return nil, err
}
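Review bot: The candidate list passed to `checkIptablesSupport` in `NewConfig` now has three entries, but no comment says in which order they are tried or why `iptables-legacy` comes last. The helper is not visible here, so I assume it returns the first binary that works. A one-line comment above the call would make the preference explicit, e.g. `// Candidates are tried in order; iptables-legacy is the fallback for kernels without nftables support.` `NewConfig` continues past the end of the hunk.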


@@ -15,7 +15,7 @@ import (
// empty string path is returned.
func findIP6tablesSupported(ctx context.Context, runner command.Runner) (
ip6tablesPath string, err error) {
ip6tablesPath, err = checkIptablesSupport(ctx, runner, "ip6tables", "ip6tables-nft")
ip6tablesPath, err = checkIptablesSupport(ctx, runner, "ip6tables", "ip6tables-nft", "ip6tables-legacy")
if errors.Is(err, ErrIPTablesNotSupported) {
return "", nil
} else if err != nil {
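Review bot: The IPv6 backend is probed here independently of the IPv4 one chosen in `NewConfig`, so with the third candidate added the two address families can end up on different backends (for example an nft-backed `iptables` next to `ip6tables-legacy`), assuming `checkIptablesSupport` returns the first candidate that works. Rules would then live in different kernel tables, which makes the effective ruleset harder to audit. Consider logging both selected paths at startup, or at least documenting it above the call: `// NOTE: chosen independently of the IPv4 binary; the backends may differ.` The function body continues outside the hunk.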