Is it possible to use iptables instead of nftables?

[kartikynwa]

I am trying out podman on Debian Trixie. I have iptables installed but not nftables. However, when I run a podman container it fails because netavark wants to use nftables:

Sep 10 09:23:18 ksodroid komga[8684]: Error: netavark: nftables error: unable to execute nft: No such file or directory (os error 2)

I installed nftables from apt and it works now but I would prefer to use iptables. Is it possible to make netavark use iptables instead?

Thank you.

[Luap99]

you just need to switch the firewall_driver in containers.conf to iptables, basically the inverse of the way described here https://fedoraproject.org/wiki/Changes/NetavarkNftablesDefault

But note we are about to deprecate the iptables driver and remove it likely next year. The nftables driver offers much better feature set and performance to us. And in general iptables has been deprecated for a long time now so I would recommend against using iptables.

[shivkr6]

lol we answered at the same time ;)

[shivkr6]

Change the following line in your containers.conf file
from:

# The firewall driver to be used by netavark.
# The default is empty which means netavark will pick one accordingly. Current supported
# drivers are "iptables", "nftables", "none" (no firewall rules will be created) and "firewalld" (firewalld is
# experimental at the moment and not recommend outside of testing).
#
firewall_driver = "nftables"

to

firewall_driver = "iptables"

The containers.conf file is typically located in directories like /usr/share/containers/ and /etc/containers/.

[kartikynwa]

That was so fast. Thank you both. I will stick with nftables instead because of the planned deprecation. Thank you again.