My WireGuard seems to conflict with CrowdSec after updating to DietPi v10. My NPM page cannot load, and even SSH is not working.
Did the latest DietPi switch to nftables?
Nope, these are the release notes: DietPi v10.0 - DietPi.com Docs
Maybe the latest Docker-CE? My Nginx Proxy Manager running in Docker failed to load whenever I used WireGuard to connect.
But it is fixed now by editing /etc/wireguard/wg0.conf
From iptables to nftables, it works now.
# NFTABLES SETTINGS
# 1. FORWARD rule: Insert into Docker's main forward chain
PostUp = nft add rule ip docker-bridges filter-FORWARD iifname "wg0" counter accept
PostDown = nft delete rule ip docker-bridges filter-FORWARD iifname "wg0" counter accept 2>/dev/null || true
# 2. NAT rule: Insert into Docker's NAT postrouting chain
PostUp = nft add rule ip docker-bridges nat-POSTROUTING oifname "eth0" counter masquerade
PostDown = nft delete rule ip docker-bridges nat-POSTROUTING oifname "eth0" counter masquerade 2>/dev/null || true
# LEGACY SETTINGS
#PostUp = iptables -A FORWARD -i wg0 -j ACCEPT
#PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
#PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
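Added example (not part of the posts in this thread and not DietPi, Docker or WireGuard code): nft deletes a rule by its handle, so this shell helper tags each rule it adds with a comment and removes exactly the tagged rules on PostDown, which also keeps repeated up/down cycles from stacking duplicates. The function names, the comment tags and the install path /usr/local/lib/wg-nft.sh are assumptions, and the listing inside sample_listing is constructed.

```shell
#!/bin/sh
# Added example: helper names, tags and the install path are hypothetical.

# Constructed sample of `nft -a list chain ip docker-bridges filter-FORWARD`.
sample_listing() {
cat <<'EOF'
table ip docker-bridges {
	chain filter-FORWARD { # handle 3
		ct state established,related accept # handle 11
		iifname "wg0" counter packets 9 bytes 540 accept comment "wg0-forward" # handle 42
		iifname "wg0" counter packets 0 bytes 0 accept comment "wg0-forward" # handle 57
	}
}
EOF
}

# Read `nft -a list chain` output on stdin; print the handle of every rule
# whose comment is exactly "$1".
rule_handles() {
    awk -v tag="comment \"$1\"" \
        'index($0, tag) && match($0, /# handle [0-9]+$/) { print substr($0, RSTART + 9) }'
}

# wg_rule_add TABLE CHAIN TAG EXPR...  (adds the tagged rule only if absent)
wg_rule_add() {
    table=$1 chain=$2 tag=$3
    shift 3
    if [ -z "$(nft -a list chain ip "$table" "$chain" | rule_handles "$tag")" ]; then
        nft add rule ip "$table" "$chain" "$@" comment "\"$tag\""
    fi
}

# wg_rule_del TABLE CHAIN TAG  (deletes every rule carrying the tag, by handle)
wg_rule_del() {
    table=$1 chain=$2 tag=$3
    nft -a list chain ip "$table" "$chain" | rule_handles "$tag" |
    while read -r handle; do
        nft delete rule ip "$table" "$chain" handle "$handle"
    done
}

# wg0.conf usage (this file installed as /usr/local/lib/wg-nft.sh, an assumed path):
# PostUp   = . /usr/local/lib/wg-nft.sh; wg_rule_add docker-bridges filter-FORWARD wg0-forward iifname wg0 counter accept
# PostDown = . /usr/local/lib/wg-nft.sh; wg_rule_del docker-bridges filter-FORWARD wg0-forward
```

The NAT rule follows the same pattern with the nat-POSTROUTING chain and its own tag.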
Docker has always had a challenge running together with VPN servers on the same host, as it was blocking traffic: Packet filtering and firewalls | Docker Docs
In the past I personally added the following using iptables:
iptables -I DOCKER-USER -i eth0 -o wg0 -j ACCEPT
and to make it boot persistent
install iptables-persistent