Add iptables-legacy and fall back to it if the normal iptables comman…

…d doesn't work. Fixes #476
linuxserver · Jul 1, 2024 · 625b11d · 625b11d
1 parent 77accb3
commit 625b11d
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 0 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -27,6 +27,7 @@ RUN \
   apk add --no-cache \
     fail2ban \
     gnupg \
+    iptables-legacy \
     memcached \
     nginx-mod-http-brotli \
     nginx-mod-http-dav-ext \

diff --git a/readme-vars.yml b/readme-vars.yml
@@ -168,6 +168,7 @@ app_setup_block: |
 
 # changelog
 changelogs:
+  - { date: "01.07.24:", desc: "Fall back to iptables-legacy if iptables doesn't work." }
   - { date: "23.03.24:", desc: "Fix perms on the generated `priv-fullchain-bundle.pem`." }
   - { date: "14.03.24:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf - Update Authelia conf samples with support for 4.38." }
   - { date: "11.03.24:", desc: "Restore support for DynuDNS using `certbot-dns-dynudns`." }

diff --git a/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run
@@ -1,6 +1,15 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash
 
+if ! iptables -L &> /dev/null; then
+  ln -sf /sbin/xtables-legacy-multi /sbin/iptables
+  ln -sf /sbin/xtables-legacy-multi /sbin/iptables-save
+  ln -sf /sbin/xtables-legacy-multi /sbin/iptables-restore
+  ln -sf /sbin/xtables-legacy-multi /sbin/ip6tables
+  ln -sf /sbin/xtables-legacy-multi /sbin/ip6tables-save
+  ln -sf /sbin/xtables-legacy-multi /sbin/ip6tables-restore
+fi
+
 # copy/update the fail2ban config defaults to/in /config
 cp -R /defaults/fail2ban/filter.d /config/fail2ban/
 cp -R /defaults/fail2ban/action.d /config/fail2ban/