From 06f2db64c129be4d7fdf33e2ea985faa35329d52 Mon Sep 17 00:00:00 2001
From: aptalca <aptalca@users.noreply.github.com>
Date: Sun, 9 Oct 2022 15:37:09 -0400
Subject: [PATCH] switch to iptables-legacy, update formatting

---
 Dockerfile         | 97 +++++++++++++++++++++++-----------------------
 Dockerfile.aarch64 | 97 +++++++++++++++++++++++-----------------------
 Dockerfile.armhf   | 97 +++++++++++++++++++++++-----------------------
 README.md          |  1 +
 readme-vars.yml    |  1 +
 5 files changed, 149 insertions(+), 144 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index dca46d7..56bd3d4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,54 +10,55 @@ LABEL maintainer="aptalca"
 ENV DEBIAN_FRONTEND="noninteractive"
 
 RUN \
- echo "**** install dependencies ****" && \
- apt-get update && \
- apt-get install -y --no-install-recommends \
-	bc \
-	build-essential \
-	curl \
-	dkms \
-	git \
-	gnupg \ 
-	ifupdown \
-	iproute2 \
-	iptables \
-	iputils-ping \
-	jq \
-	libc6 \
-	libelf-dev \
-	net-tools \
-	netcat \
-	openresolv \
-	perl \
-	pkg-config \
-	qrencode && \
- echo "**** install wireguard-tools ****" && \
- if [ -z ${WIREGUARD_RELEASE+x} ]; then \
-	WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \
-	| jq -r .[0].name); \
- fi && \
- cd /app && \
- git clone https://git.zx2c4.com/wireguard-linux-compat && \
- git clone https://git.zx2c4.com/wireguard-tools && \
- cd wireguard-tools && \
- git checkout "${WIREGUARD_RELEASE}" && \
- make -C src -j$(nproc) && \
- make -C src install && \
- echo "**** install CoreDNS ****" && \
- COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \
-	| awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \
- curl -o \
-	/tmp/coredns.tar.gz -L \
-	"https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_amd64.tgz" && \
- tar xf \
-	/tmp/coredns.tar.gz -C \
-	/app && \
- echo "**** clean up ****" && \
- rm -rf \
-	/tmp/* \
-	/var/lib/apt/lists/* \
-	/var/tmp/*
+  echo "**** install dependencies ****" && \
+  apt-get update && \
+  apt-get install -y --no-install-recommends \
+    bc \
+    build-essential \
+    curl \
+    dkms \
+    git \
+    gnupg \ 
+    ifupdown \
+    iproute2 \
+    iptables \
+    iputils-ping \
+    jq \
+    libc6 \
+    libelf-dev \
+    net-tools \
+    netcat \
+    openresolv \
+    perl \
+    pkg-config \
+    qrencode && \
+  update-alternatives --set iptables /usr/sbin/iptables-legacy && \
+  echo "**** install wireguard-tools ****" && \
+  if [ -z ${WIREGUARD_RELEASE+x} ]; then \
+    WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \
+      | jq -r .[0].name); \
+  fi && \
+  cd /app && \
+  git clone https://git.zx2c4.com/wireguard-linux-compat && \
+  git clone https://git.zx2c4.com/wireguard-tools && \
+  cd wireguard-tools && \
+  git checkout "${WIREGUARD_RELEASE}" && \
+  make -C src -j$(nproc) && \
+  make -C src install && \
+  echo "**** install CoreDNS ****" && \
+  COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \
+    | awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \
+  curl -o \
+    /tmp/coredns.tar.gz -L \
+    "https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_amd64.tgz" && \
+  tar xf \
+    /tmp/coredns.tar.gz -C \
+    /app && \
+  echo "**** clean up ****" && \
+  rm -rf \
+    /tmp/* \
+    /var/lib/apt/lists/* \
+    /var/tmp/*
 
 # add local files
 COPY /root /
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index 717455f..5ed6046 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -10,54 +10,55 @@ LABEL maintainer="aptalca"
 ENV DEBIAN_FRONTEND="noninteractive"
 
 RUN \
- echo "**** install dependencies ****" && \
- apt-get update && \
- apt-get install -y --no-install-recommends \
-	bc \
-	build-essential \
-	curl \
-	dkms \
-	git \
-	gnupg \ 
-	ifupdown \
-	iproute2 \
-	iptables \
-	iputils-ping \
-	jq \
-	libc6 \
-	libelf-dev \
-	net-tools \
-	netcat \
-	openresolv \
-	perl \
-	pkg-config \
-	qrencode && \
- echo "**** install wireguard-tools ****" && \
- if [ -z ${WIREGUARD_RELEASE+x} ]; then \
-	WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \
-	| jq -r .[0].name); \
- fi && \
- cd /app && \
- git clone https://git.zx2c4.com/wireguard-linux-compat && \
- git clone https://git.zx2c4.com/wireguard-tools && \
- cd wireguard-tools && \
- git checkout "${WIREGUARD_RELEASE}" && \
- make -C src -j$(nproc) && \
- make -C src install && \
- echo "**** install CoreDNS ****" && \
- COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \
-	| awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \
- curl -o \
-	/tmp/coredns.tar.gz -L \
-	"https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_arm64.tgz" && \
- tar xf \
-	/tmp/coredns.tar.gz -C \
-	/app && \
- echo "**** clean up ****" && \
- rm -rf \
-	/tmp/* \
-	/var/lib/apt/lists/* \
-	/var/tmp/*
+  echo "**** install dependencies ****" && \
+  apt-get update && \
+  apt-get install -y --no-install-recommends \
+    bc \
+    build-essential \
+    curl \
+    dkms \
+    git \
+    gnupg \ 
+    ifupdown \
+    iproute2 \
+    iptables \
+    iputils-ping \
+    jq \
+    libc6 \
+    libelf-dev \
+    net-tools \
+    netcat \
+    openresolv \
+    perl \
+    pkg-config \
+    qrencode && \
+  update-alternatives --set iptables /usr/sbin/iptables-legacy && \
+  echo "**** install wireguard-tools ****" && \
+  if [ -z ${WIREGUARD_RELEASE+x} ]; then \
+    WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \
+      | jq -r .[0].name); \
+  fi && \
+  cd /app && \
+  git clone https://git.zx2c4.com/wireguard-linux-compat && \
+  git clone https://git.zx2c4.com/wireguard-tools && \
+  cd wireguard-tools && \
+  git checkout "${WIREGUARD_RELEASE}" && \
+  make -C src -j$(nproc) && \
+  make -C src install && \
+  echo "**** install CoreDNS ****" && \
+  COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \
+    | awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \
+  curl -o \
+    /tmp/coredns.tar.gz -L \
+    "https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_arm64.tgz" && \
+  tar xf \
+    /tmp/coredns.tar.gz -C \
+    /app && \
+  echo "**** clean up ****" && \
+  rm -rf \
+    /tmp/* \
+    /var/lib/apt/lists/* \
+    /var/tmp/*
 
 # add local files
 COPY /root /
diff --git a/Dockerfile.armhf b/Dockerfile.armhf
index 783f66c..242f1f1 100644
--- a/Dockerfile.armhf
+++ b/Dockerfile.armhf
@@ -10,54 +10,55 @@ LABEL maintainer="aptalca"
 ENV DEBIAN_FRONTEND="noninteractive"
 
 RUN \
- echo "**** install dependencies ****" && \
- apt-get update && \
- apt-get install -y --no-install-recommends \
-	bc \
-	build-essential \
-	curl \
-	dkms \
-	git \
-	gnupg \ 
-	ifupdown \
-	iproute2 \
-	iptables \
-	iputils-ping \
-	jq \
-	libc6 \
-	libelf-dev \
-	net-tools \
-	netcat \
-	openresolv \
-	perl \
-	pkg-config \
-	qrencode && \
- echo "**** install wireguard-tools ****" && \
- if [ -z ${WIREGUARD_RELEASE+x} ]; then \
-	WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \
-	| jq -r .[0].name); \
- fi && \
- cd /app && \
- git clone https://git.zx2c4.com/wireguard-linux-compat && \
- git clone https://git.zx2c4.com/wireguard-tools && \
- cd wireguard-tools && \
- git checkout "${WIREGUARD_RELEASE}" && \
- make -C src -j$(nproc) && \
- make -C src install && \
- echo "**** install CoreDNS ****" && \
- COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \
-	| awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \
- curl -o \
-	/tmp/coredns.tar.gz -L \
-	"https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_arm.tgz" && \
- tar xf \
-	/tmp/coredns.tar.gz -C \
-	/app && \
- echo "**** clean up ****" && \
- rm -rf \
-	/tmp/* \
-	/var/lib/apt/lists/* \
-	/var/tmp/*
+  echo "**** install dependencies ****" && \
+  apt-get update && \
+  apt-get install -y --no-install-recommends \
+    bc \
+    build-essential \
+    curl \
+    dkms \
+    git \
+    gnupg \ 
+    ifupdown \
+    iproute2 \
+    iptables \
+    iputils-ping \
+    jq \
+    libc6 \
+    libelf-dev \
+    net-tools \
+    netcat \
+    openresolv \
+    perl \
+    pkg-config \
+    qrencode && \
+  update-alternatives --set iptables /usr/sbin/iptables-legacy && \
+  echo "**** install wireguard-tools ****" && \
+  if [ -z ${WIREGUARD_RELEASE+x} ]; then \
+    WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \
+    | jq -r .[0].name); \
+  fi && \
+  cd /app && \
+  git clone https://git.zx2c4.com/wireguard-linux-compat && \
+  git clone https://git.zx2c4.com/wireguard-tools && \
+  cd wireguard-tools && \
+  git checkout "${WIREGUARD_RELEASE}" && \
+  make -C src -j$(nproc) && \
+  make -C src install && \
+  echo "**** install CoreDNS ****" && \
+  COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \
+    | awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \
+  curl -o \
+    /tmp/coredns.tar.gz -L \
+    "https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_arm.tgz" && \
+  tar xf \
+    /tmp/coredns.tar.gz -C \
+    /app && \
+  echo "**** clean up ****" && \
+  rm -rf \
+    /tmp/* \
+    /var/lib/apt/lists/* \
+    /var/tmp/*
 
 # add local files
 COPY /root /
diff --git a/README.md b/README.md
index 3eef17e..8567370 100644
--- a/README.md
+++ b/README.md
@@ -317,6 +317,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **09.10.22:** - Switch back to iptables-legacy due to issues on some hosts.
 * **04.10.22:** - Rebase to Jammy. Upgrade to s6v3.
 * **16.05.22:** - Improve NAT handling in server mode when multiple ethernet devices are present.
 * **23.04.22:** - Add pre-shared key support. Automatically added to all new peer confs generated, existing ones are left without to ensure no breaking changes.
diff --git a/readme-vars.yml b/readme-vars.yml
index 195997d..2465fc1 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -121,6 +121,7 @@ app_setup_block: |
 
 # changelog
 changelogs:
+  - { date: "09.10.22:", desc: "Switch back to iptables-legacy due to issues on some hosts." }
   - { date: "04.10.22:", desc: "Rebase to Jammy. Upgrade to s6v3." }
   - { date: "16.05.22:", desc: "Improve NAT handling in server mode when multiple ethernet devices are present." }
   - { date: "23.04.22:", desc: "Add pre-shared key support. Automatically added to all new peer confs generated, existing ones are left without to ensure no breaking changes." }