Hosts running Docker with the default Debian/Ubuntu iptables use the nf_tables backend (iptables-nft). Inserting rules via iptables-legacy created them in a separate, unreferenced table: bans were recorded in fail2ban, but packets were never dropped.

Switching action commands to iptables-nft writes into the same DOCKER-USER chain that Docker manages, so bans take effect immediately.

Also reverts the update-alternatives override from the Dockerfile, since it is no longer needed (and generated noisy warnings).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
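The following is an added example, not code from this commit or from the fail2ban or Docker projects. It shows the check a practitioner would script around the fix described above: read the backend that `iptables -V` reports, pick the matching binary, build the ban rule at position 1 of DOCKER-USER, and confirm from a rule dump that the ban is actually present in the chain Docker consults. The version string and the rule dump embedded below are constructed sample data, not captured from a real host, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: choose the iptables binary that matches the kernel backend
# Docker populates, insert the ban into DOCKER-USER, and verify it landed there.

# Classify the backend from `iptables -V` output, e.g.
# "iptables v1.8.7 (nf_tables)" -> nf_tables, "iptables v1.8.7 (legacy)" -> legacy.
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Map the backend to the binary a fail2ban action should call. Writing with the
# other binary lands the rule where Docker's DOCKER-USER chain never sees it.
ban_binary() {
    case "$(iptables_backend "$1")" in
        nf_tables) echo iptables-nft ;;
        legacy)    echo iptables-legacy ;;
        *)         return 1 ;;
    esac
}

# Build the ban command for an IP: insert at position 1 of DOCKER-USER so it is
# evaluated before Docker's own rules in that chain. $1 = binary, $2 = ip.
ban_rule() {
    printf '%s -I DOCKER-USER 1 -s %s -j DROP\n' "$1" "$2"
}

# Given the output of `<binary> -S DOCKER-USER` ($1) and an IP ($2), report
# whether a DROP for that IP is present. `-S` prints single hosts as /32 and
# rules inserted with -I as -A, so match the normalized form with a fixed string.
is_banned() {
    printf '%s\n' "$1" | grep -qF -- "-A DOCKER-USER -s $2/32 -j DROP"
}

# Constructed sample data (not captured from a real host).
SAMPLE_VERSION='iptables v1.8.7 (nf_tables)'
SAMPLE_DUMP='-N DOCKER-USER
-A DOCKER-USER -s 203.0.113.7/32 -j DROP
-A DOCKER-USER -j RETURN'

# Stand-alone demo: print the command fail2ban should run on this host.
BIN=$(ban_binary "$SAMPLE_VERSION") && ban_rule "$BIN" 203.0.113.7
```

On a live host, replace `SAMPLE_VERSION` with `$(iptables -V)` and `SAMPLE_DUMP` with `$("$BIN" -S DOCKER-USER)`, and run `is_banned` after each ban to catch the failure mode described in the commit message, where fail2ban records a ban that no packet ever hits.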