Pin iptables to 1.8.9 (legacy)

With Alpine 3.19, iptables gets bumped to 1.8.10 which uses nftables. The host OS still uses iptables 1.8.7 (legacy), and we should use legacy as well until the OS uses nftables. See: https://balena.zulipchat.com/#narrow/stream/345889-balena-io.2Fos/topic/iptables.20host.20vs.2E.20nftables.20Supervisor Change-type: patch Signed-off-by: Christina Ying Wang <christina@balena.io>
2025-03-21 19:45:19 +00:00 · 2024-03-18 14:14:58 -07:00 · 2024-03-18 14:14:58 -07:00 · 3d881347e7
commit 3d881347e7
parent 8b173918ea
1 changed files with 6 additions and 3 deletions
--- a/Dockerfile.template
+++ b/Dockerfile.template
@ -58,7 +58,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends systemd
 COPY ./build-utils/setup-journal.sh /
 RUN /setup-journal.sh

-
 ###################################################
 # Extra dependencies. This uses alpine 3.11 as the
 # procmail package was removed on 3.12
@ -92,14 +91,18 @@ COPY mount-partitions.sh .
 # Runtime dependencies
 RUN apk add --update --no-cache \
 	$NODE \
-	iptables \
-	ip6tables \
 	rsync \
 	dbus \
 	dmidecode \
 	sqlite-libs \
 	lsblk

+# Iptables should be pinned to 1.8.9 (legacy) as balenaOS still uses iptables-legacy
+RUN apk add --update --no-cache \
+	--repository=http://dl-cdn.alpinelinux.org/alpine/v3.18/main \
+	iptables~=1.8.9 \
+	ip6tables~=1.8.9
+
 ARG ARCH
 ARG VERSION=master
 ENV LED_FILE=/dev/null \