diff options
| author | Bruce Ashfield <bruce.ashfield@gmail.com> | 2026-01-23 15:22:52 -0500 |
|---|---|---|
| committer | Bruce Ashfield <bruce.ashfield@gmail.com> | 2026-01-23 22:29:11 -0500 |
| commit | 6f7798cdd9c2ad3de09233d0ad210e7d25a15d42 (patch) | |
| tree | 9d3256fce7e020a05f1197b200e838e09c5cd474 | |
| parent | 0e2968073e6b35a697e3e53f9906e32c4e2f1e01 (diff) | |
| download | meta-virtualization-6f7798cdd9c2ad3de09233d0ad210e7d25a15d42.tar.gz | |
linux-yocto: add iptables legacy kernel config for Docker
Kernel 6.18+ split iptables into legacy/nftables backends. Docker
requires the legacy iptables support, so add the kernel configuration
for the full dependency chain:
- CONFIG_NETFILTER_XTABLES_LEGACY=y
- CONFIG_IP_NF_IPTABLES_LEGACY=m
- CONFIG_IP_NF_FILTER=m
- CONFIG_IP_NF_NAT=m
- CONFIG_IP_NF_TARGET_MASQUERADE=m
Without these, Docker's iptables rules fail to load on 6.18+ kernels.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
| -rw-r--r-- | recipes-kernel/linux/linux-yocto/extra-configs.cfg | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/recipes-kernel/linux/linux-yocto/extra-configs.cfg b/recipes-kernel/linux/linux-yocto/extra-configs.cfg index a43bbcbc..26f8b0c6 100644 --- a/recipes-kernel/linux/linux-yocto/extra-configs.cfg +++ b/recipes-kernel/linux/linux-yocto/extra-configs.cfg | |||
| @@ -1 +1,10 @@ | |||
| 1 | # placeholder config fragment for local enable and debug \ No newline at end of file | 1 | # placeholder config fragment for local enable and debug |
| 2 | |||
| 3 | # Kernel 6.18+ split iptables into legacy/nftables backends | ||
| 4 | # Docker uses legacy iptables, so we need the full dependency chain: | ||
| 5 | # NETFILTER_XTABLES_LEGACY -> IP_NF_IPTABLES_LEGACY -> IP_NF_FILTER/NAT | ||
| 6 | CONFIG_NETFILTER_XTABLES_LEGACY=y | ||
| 7 | CONFIG_IP_NF_IPTABLES_LEGACY=m | ||
| 8 | CONFIG_IP_NF_FILTER=m | ||
| 9 | CONFIG_IP_NF_NAT=m | ||
| 10 | CONFIG_IP_NF_TARGET_MASQUERADE=m \ No newline at end of file | ||