Trace: • tcsh • misc

Differences

This shows you the differences between two versions of the page.

--- notes:misc [2024/12/02 15:32] – maff
+++ notes:misc [2024/12/04 12:28] (current) – external edit 127.0.0.1
@@ Line 24: / Line 24: @@
 This can happen on Alpine if using tailscale and upgrading to 1.76.6 or newer, as it now defaults to using nftables, conflicting with podman's default of using iptables. The fix is to ensure nftables is actually enabled by running ''rc-update add nftables default'' and then ''service nftables start'', followed by editing ''/etc/containers/containers.conf'' and changing ''#firewall_driver = ""'' to ''firewall_driver = "nftables"''. Then reboot.
+===== Alpine =====
+==== Traffic not passing when nftables active ====
+This happens when you enable nftables after installing it. The reason is that the default rules in /etc/nftables.nft drop incoming traffic by default. Replace it with the following file:
+<code - /etc/nftables.nft>
+#!/usr/sbin/nft -f
+# vim: set ts=4 sw=4:
+# You can find examples in /usr/share/nftables/.
+# Clear all prior state
+flush ruleset
+table inet filter {
+  chain input {
+    type filter hook input priority 0; policy accept;
+  }
+  chain forward {
+    type filter hook forward priority 0; policy accept;
+  }
+  chain output {
+    type filter hook output priority 0; policy accept;
+  }
+}
+# The state of stateful objects saved on the nftables service stop.
+include "/var/lib/nftables/*.nft"
+# Rules
+include "/etc/nftables.d/*.nft"
+</code>
+Then restart and enjoy.