Skip to content

Switch to iptables-wrappers #73641

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Taffer merged 9 commits into from
Dec 5, 2025
Merged

Switch to iptables-wrappers #73641

Taffer merged 9 commits into from
Dec 5, 2025

Conversation

@Taffer
Copy link
Member

@Taffer Taffer commented Dec 2, 2025

Everything that can be using iptables-wrappers should be using iptables-wrappers. These all built/tested locally ("works on my machine"), so 🤞 ...

@octo-sts octo-sts bot added the bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. label Dec 2, 2025
@Taffer Taffer enabled auto-merge (squash) December 2, 2025 22:16
sergiodj
sergiodj previously requested changes Dec 2, 2025
View reviewed changes
Copy link
Member

@sergiodj sergiodj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @Taffer. Small question about a change.

EyeCantCU
EyeCantCU requested changes Dec 3, 2025
View reviewed changes
@Taffer Taffer disabled auto-merge December 3, 2025 17:34
@Taffer Taffer enabled auto-merge (squash) December 3, 2025 17:34
@Taffer
Copy link
Member Author

Taffer commented Dec 3, 2025

rancher-2.12 needs #73714 to land before it'll succeed, I was tricked locally by an apk feature into thinking it could go in the batch already.

@Taffer Taffer force-pushed the iptables-wrapper-all-the-things branch 2 times, most recently from 7dd5d6f to ef6741f Compare December 5, 2025 13:49
@Taffer Taffer disabled auto-merge December 5, 2025 13:49
@Taffer Taffer enabled auto-merge (squash) December 5, 2025 13:50
@Taffer Taffer force-pushed the iptables-wrapper-all-the-things branch from 121f7a1 to b70c7f0 Compare December 5, 2025 15:32
@Taffer Taffer force-pushed the iptables-wrapper-all-the-things branch from f76cf0a to 2db8520 Compare December 5, 2025 16:07
@octo-sts

This comment was marked as off-topic.

Sign in to view
@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Dec 5, 2025
EyeCantCU
EyeCantCU approved these changes Dec 5, 2025
View reviewed changes
Copy link
Member

@EyeCantCU EyeCantCU left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work on this! Documenting for anyone passing by - linkerd2 will need an iptables-wrappers-xtables-privileged packaged, or alternatively, just an xtables-privileged package will need to be created that only includes xtables and provides xtables (so that it can be used with iptables-wrappers). Removing iptables at runtime for now is the right call

@Taffer Taffer merged commit f09afb0 into wolfi-dev:main Dec 5, 2025
15 of 16 checks passed
@Taffer Taffer deleted the iptables-wrapper-all-the-things branch December 5, 2025 19:50
Taffer added a commit to Taffer/os that referenced this pull request Dec 16, 2025
@Taffer
Revert "Switch to iptables-wrappers (wolfi-dev#73641)"
0afbcac 
This reverts commit f09afb0.
Taffer added a commit to Taffer/os that referenced this pull request Dec 16, 2025
@Taffer
Revert "Switch to iptables-wrappers (wolfi-dev#73641)"
d70ac88 
This reverts commit f09afb0.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@EyeCantCU EyeCantCU EyeCantCU approved these changes

@sergiodj sergiodj sergiodj left review comments

Assignees

No one assigned

Labels

ai/skip-comment Stop AI from commenting on PR bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Taffer @sergiodj @EyeCantCU