mirror of
https://github.com/tailscale/tailscale.git
synced 2025-12-22 13:37:10 +00:00
723b9af21a
Re-instate the linking of iptables installed in Tailscale container to the legacy iptables version. In environments where the legacy iptables is not needed, we should be able to run nftables instead, but this will ensure that Tailscale keeps working in environments that don't support nftables, such as some Synology NAS hosts. Updates #17854 Signed-off-by: Irbe Krumina <irbe@tailscale.com>
13 lines
738 B
Docker
13 lines
738 B
Docker
# Copyright (c) Tailscale Inc & AUTHORS
|
|
# SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
FROM alpine:3.22
|
|
RUN apk add --no-cache ca-certificates iptables iptables-legacy iproute2 ip6tables iputils
|
|
# Alpine 3.19 replaced legacy iptables with nftables based implementation. We
|
|
# can't be certain that all hosts that run Tailscale containers currently
|
|
# suppport nftables, so link back to legacy for backwards compatibility reasons.
|
|
# TODO(irbekrm): add some way how to determine if we still run on nodes that
|
|
# don't support nftables, so that we can eventually remove these symlinks.
|
|
RUN rm /usr/sbin/iptables && ln -s /usr/sbin/iptables-legacy /usr/sbin/iptables
|
|
RUN rm /usr/sbin/ip6tables && ln -s /usr/sbin/ip6tables-legacy /usr/sbin/ip6tables
|