fix: switch to iptables-legacy in container

Debian node:18-slim defaults to iptables-nft which requires nftables
kernel access that Docker's seccomp profile blocks even with NET_ADMIN.
Switch to iptables-legacy which works correctly with NET_ADMIN + NET_RAW.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-20 17:12:20 +00:00
parent 4f0129053c
commit 04964dd174


@@ -24,6 +24,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
ipset \
curl \
jq \
&& update-alternatives --set iptables /usr/sbin/iptables-legacy \
&& update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy \
&& rm -rf /var/lib/apt/lists/* \
# Remove debian default jail (enables sshd which has no log file in container)
&& rm -f /etc/fail2ban/jail.d/defaults-debian.conf
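Review bot: Missing documentation at the two `update-alternatives --set` lines: nothing in the Dockerfile records why the legacy backend is selected or that it only works when the container is run with NET_ADMIN and NET_RAW, both of which are stated only in the commit message. The neighbouring `rm -f` line already carries an explanatory comment, so follow that style and add one above the switch, e.g. `# Use iptables-legacy: iptables-nft needs nftables kernel access that Docker's default seccomp profile blocks even with NET_ADMIN`. Consider also ending the chain with a check such as `&& iptables -V | grep -q legacy` so that a future base-image change that drops the legacy alternative fails the build instead of leaving fail2ban silently on the nft backend at runtime.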