From 457038ff7ca025b5b338eff37f4df179e827154c Mon Sep 17 00:00:00 2001 From: Mario Loriedo Date: Wed, 19 Nov 2025 13:36:15 +0100 Subject: [PATCH] Remove iptables from packages Podman 6.0 won't support iptables anymore. It's a good opportunity to remove iptables from machine-os too. iptables kernel modules are kept to avoid breaking containers that requires them (e.g. docker in docker). This is a follow-up of https://github.com/containers/netavark/pull/1353 https://github.com/containers/podman/pull/27555 and related to https://issues.redhat.com/browse/RUN-3723 Signed-off-by: Mario Loriedo --- podman-image/build_common.sh | 1 - podman-image/podman-iptables.conf | 6 +++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/podman-image/build_common.sh b/podman-image/build_common.sh index f694523c..9aa7d7f8 100755 --- a/podman-image/build_common.sh +++ b/podman-image/build_common.sh @@ -99,7 +99,6 @@ PACKAGES=( openssh-server cifs-utils nfs-utils-coreos - iptables-nft iproute dhcp-client diff --git a/podman-image/podman-iptables.conf b/podman-image/podman-iptables.conf index 372b3307..ff529b2f 100644 --- a/podman-image/podman-iptables.conf +++ b/podman-image/podman-iptables.conf @@ -4,8 +4,8 @@ # still need it, i.e. nested docker or older podman. # Normally it would be up to the sys admin to configure this but given # podman machine os is more of "managed" OS we should just keep it to -# avoid breaking users, https://github.com/containers/podman/issues/25153. -# TODO (6.0): consider removing this in a major release where we can justify -# removing legacy modules. +# avoid breaking users: +# - https://github.com/containers/podman/issues/25153. +# - https://github.com/containers/podman-machine-os/pull/197#issuecomment-3558043836 ip_tables ip6_tables