gluetun: Bug: iptables-nft on host without nftables

Is this urgent?

No

Host OS

Ubuntu 16.04

CPU arch

x86_64

VPN service provider

Private Internet Access

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2022-03-15T08:20:32.863Z (commit 984e143)

What’s the problem 🤔

Running on a host with IPv6 enabled, looks like gluetun is now attempting to use nftables to drop incoming ipv6 traffic, however it seems that nftables is unable to locate the default chain (the host is running iptables not nftables).

ERROR cannot enable firewall: command failed: "ip6tables-nft --policy INPUT DROP": ip6tables v1.8.7 (nf_tables):  CHAIN_UPDATE failed (No such file or directory): chain INPUT: exit status 4

This issue does not happen on gluetun v3.28.0.

Share your logs

gluetun     | ========================================
gluetun     | ========================================
gluetun     | =============== gluetun ================
gluetun     | ========================================
gluetun     | =========== Made with ❤️ by ============
gluetun     | ======= https://github.com/qdm12 =======
gluetun     | ========================================
gluetun     | ========================================
gluetun     | 
gluetun     | Running version latest built on 2022-03-15T08:20:32.863Z (commit 984e143)
gluetun     | 
gluetun     | 🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
gluetun     | 🐛 Bug? https://github.com/qdm12/gluetun/issues/new
gluetun     | ✨ New feature? https://github.com/qdm12/gluetun/issues/new
gluetun     | ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
gluetun     | 💻 Email? quentin.mcgaw@gmail.com
gluetun     | 💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
gluetun     | 2022/03/15 12:51:51 WARN You are using the old environment variable VPNSP, please consider changing it to VPN_SERVICE_PROVIDER
gluetun     | 2022/03/15 12:51:51 WARN You are using the old environment variable REGION, please consider changing it to SERVER_REGIONS
gluetun     | 2022/03/15 12:51:51 WARN You are using the old environment variable PROTOCOL, please consider changing it to OPENVPN_PROTOCOL
gluetun     | 2022/03/15 12:51:51 WARN You are using the old environment variable PIA_ENCRYPTION, please consider changing it to PRIVATE_INTERNET_ACCESS_OPENVPN_ENCRYPTION_PRESET
gluetun     | 2022/03/15 12:51:51 WARN You are using the old environment variable PORT_FORWARDING, please consider changing it to PRIVATE_INTERNET_ACCESS_VPN_PORT_FORWARDING
gluetun     | 2022/03/15 12:51:51 WARN You are using the old environment variable PIA_ENCRYPTION, please consider changing it to PRIVATE_INTERNET_ACCESS_OPENVPN_ENCRYPTION_PRESET
gluetun     | 2022/03/15 12:51:51 INFO routing: default route found: interface eth0, gateway 172.29.0.1 and assigned IP 172.29.0.2
gluetun     | 2022/03/15 12:51:51 INFO routing: local ethernet link found: eth0
gluetun     | 2022/03/15 12:51:51 INFO routing: local ipnet found: 172.29.0.0/16
gluetun     | 2022/03/15 12:51:51 INFO firewall: enabling...
gluetun     | 2022/03/15 12:51:51 ERROR cannot enable firewall: command failed: "ip6tables-nft --policy INPUT DROP": ip6tables v1.8.7 (nf_tables):  CHAIN_UPDATE failed (No such file or directory): chain INPUT: exit status 4
gluetun     | 2022/03/15 12:51:51 INFO Shutdown successful

Share your configuration

version: '3.7'
services:
  gluetun:
    container_name: gluetun
    image: qmcgaw/gluetun:v3.28
    cap_add:
      - NET_ADMIN
    volumes:
      - ./gluetun:/gluetun
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - VPNSP=private internet access
      - REGION=
      - OPENVPN_USER=
      - OPENVPN_PASSWORD=
      - PIA_ENCRYPTION=strong
      - PROTOCOL=udp
      - PORT_FORWARDING=on
      - DOT=on
      - DOT_PROVIDERS=cloudflare
      - DOT_IPV6=off
      - BLOCK_MALICIOUS=on
      - BLOCK_SURVEILLANCE=on
      - BLOCK_ADS=off
      - SHADOWSOCKS=off
      - HTTPPROXY=off
      - TZ=UTC