Docker-ce and ip/nftables in Debian

Hey team!

With one of our customers, we recently faced a curious issue. They have a sort of security requirement to control the Debian network filtering platform with only one tool, either nftables or iptables. At the moment the OS has Docker-ce installed along with both iptables and nftables. We tried to do “apt remove nftables” or “apt remove iptables” and noticed that both of them try to uninstall the docker-ce package as well. On the other hand, if we try to install docker-ce on a clean Debian VM, it deploys both iptables and nftables as well, which looks pretty irrational since the iptables package is mentioned as deprecated and replaced by nftables. Any ideas on how we could install docker-ce with either iptables only or with nftables only? Docker is installed from the Docker repo, not from the Debian repos. If any additional details are required, I’d gladly share them.

Thank you!

I guess this is the answer why both packages are installed as dependencies:

Therefore, nftables cannot be enabled when the Docker daemon is running in Swarm mode.

I understand that it is not ideal.


Thanks a lot! That explains the docker dependencies and the requirement to have both packages at the same time.

Thanks for the info, it seems Swarm is the last missing piece (epic).
