this post was submitted on 28 Feb 2026
Arch Linux

Why is nftables a dependency for docker? I thought docker used iptables for networking? Also, I didn't think you were supposed to have nftables and iptables installed at the same time, so should I now replace iptables with iptables-nftables?

[–] nous@programming.dev 8 points 1 week ago* (last edited 1 week ago) (1 children)

Looks like there is going to be a shift to using nftables in arch. The iptables package in core is currently for the legacy interface with an iptables-nft package for the new interface, but the core-testing iptables package is for the nft interface and there is now an iptables-legacy package in core-testing.

My guess is they are moving packages that can work with nftables to depend on that instead of iptables, which looks like it is shortly going to be using the new nftables interface anyway. Probably as part of migrating to nftables by default. Looks like docker does have experimental support for nftables in version 1.29, and that is when the dependency was added to the PKGBUILD script.

It does not look like nftables or iptables conflict with each other at a package level. And nftables can work with iptables rules.

It is probably worth just migrating to nftables now if you rely on managing iptables yourself.

I don't usually manage iptables rules myself, I usually use ufw because I find it much easier to work with. I'm just migrating to a new host and wanted to fix the fact that docker ignores ufw rules by default using these iptables rules: https://github.com/chaifeng/ufw-docker#solving-ufw-and-docker-issues

When I installed docker I noticed it installed nftables as a dependency which confused me because everything I can see suggests it still uses iptables by default unless you explicitly configure it not to. nft list ruleset is blank so it doesn't look like it has created any nftables rules, and I can see a bunch of docker rules with iptables-save. Because of this I'm assuming those ufw iptables rules will still work as they have before?

When you say nftables can work with iptables rules, is that just with iptables-nft? That seems to be the only way to get ufw to work with nftables, but the wiki seems to suggest not using iptables-nft with docker: https://wiki.archlinux.org/title/Nftables#Working_with_Docker
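The observation above (empty "nft list ruleset" while "iptables-save" shows DOCKER chains) is exactly what you get when the iptables binary is the legacy one: legacy iptables writes to the old ip_tables kernel backend, which nft cannot see, whereas iptables-nft writes into nf_tables and its rules then appear in "nft list ruleset" too. The script below is an added example, not code from this thread or from Docker, ufw or Arch; it classifies the backend from the "(legacy)" / "(nf_tables)" suffix that upstream "iptables -V" prints, counts DOCKER references in each view of the rules, and gives a one-line verdict. The sample iptables-save text is constructed for the demonstration, and the "diagnose" / "report_live" function names are this example's own.

```shell
#!/bin/sh
# Added example: work out which iptables backend is active and where
# Docker's chains actually live. Assumes upstream iptables behaviour:
# `iptables -V` prints "(legacy)" or "(nf_tables)" after the version.

# backend_from_version VERSION_STRING -> prints nft | legacy | unknown
backend_from_version() {
    case "$1" in
        *"(nf_tables)"*) echo nft ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# count_docker_chains RULES_TEXT -> number of lines that mention DOCKER chains
# (`|| true` keeps grep's "no match" exit status from tripping `set -e`)
count_docker_chains() {
    printf '%s\n' "$1" | grep -c 'DOCKER' || true
}

# diagnose VERSION NFT_RULESET IPTABLES_SAVE -> "<backend>:<verdict>"
# Rules visible to iptables-save but absent from nft list ruleset can only be
# sitting in the legacy ip_tables backend.
diagnose() {
    backend=$(backend_from_version "$1")
    in_nft=$(count_docker_chains "$2")
    in_ipt=$(count_docker_chains "$3")
    if [ "$in_nft" -gt 0 ]; then
        echo "$backend:rules-in-nf_tables"
    elif [ "$in_ipt" -gt 0 ]; then
        echo "$backend:rules-in-legacy-backend"
    else
        echo "$backend:no-docker-rules"
    fi
}

# Constructed sample resembling what iptables-save prints once dockerd
# has created its chains (three lines reference DOCKER chains).
SAMPLE_IPTABLES_SAVE='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:DOCKER - [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
COMMIT'

# Live check against the running host; silently skips tools that are absent
# (iptables-save and nft need root to read the ruleset).
report_live() {
    command -v iptables >/dev/null 2>&1 || { echo "iptables not installed"; return 0; }
    nft_rules=""
    command -v nft >/dev/null 2>&1 && nft_rules=$(nft list ruleset 2>/dev/null || true)
    ipt_rules=$(iptables-save 2>/dev/null || true)
    diagnose "$(iptables -V 2>/dev/null || true)" "$nft_rules" "$ipt_rules"
}

# Offline demonstration of the thread's situation: legacy binary, empty nft
# ruleset, DOCKER chains present in iptables-save.
diagnose 'iptables v1.8.10 (legacy)' '' "$SAMPLE_IPTABLES_SAVE"
report_live
```

Run it as root on the host in question: a "legacy:rules-in-legacy-backend" verdict means ufw-style iptables rules keep working as before, while "nft:rules-in-nf_tables" means the iptables-nft shim is in use and the same chains will also show up under "nft list ruleset".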