this post was submitted on 28 Feb 2026
Arch Linux
I don't usually manage iptables rules myself; I usually use ufw because I find it much easier to work with. I'm just migrating to a new host and wanted to fix the fact that Docker ignores ufw rules by default using these iptables rules: https://github.com/chaifeng/ufw-docker#solving-ufw-and-docker-issues
When I installed Docker I noticed it installed nftables as a dependency, which confused me because everything I can see suggests it still uses iptables by default unless you explicitly configure it not to. nft list ruleset is blank, so it doesn't look like it has created any nftables rules, and I can see a bunch of Docker rules with iptables-save. Because of this I'm assuming those ufw iptables rules will still work as they have before?
When you say nftables can work with iptables rules, is that just with iptables-nft? That seems to be the only way to get ufw to work with nftables, but the wiki seems to suggest not using iptables-nft with Docker: https://wiki.archlinux.org/title/Nftables#Working_with_Docker