docker-fail2ban

RHEL8 is compatible with this image

Open chrpinedo opened this issue 2 years ago • 0 comments

Hello,

I wanted to share with you that I found a workaround to use this image with RHEL8, and I would like to share it with you just in case it is interesting for someone else.

RHEL8 comes with iptables-nft and nftables. It lacks support for iptables-legacy. This is problematic with docker-ce and this image, docker-fail2ban.

The best option to avoid problems with docker-ce in RHEL8 is to follow the procedure of https://gist.github.com/dmc5179/2f55cd54a6fdd103ab1873d52e3464a8:

  • stop and disable firewalld service
  • stop and disable nftables service
  • install iptables-services package; start and enable iptables service

Now the configuration of the iptables rules is located in the /etc/sysconfig/iptables and /etc/sysconfig/ip6tables files. Docker-ce can create the firewall rules with iptables. In fact, iptables-nft is used instead of iptables-legacy. But this is not a problem. iptables -nvL lists all iptables rules and there is no mix with nft list ruleset because we disabled the nftables and firewalld services.

Next, for this image docker-fail2ban to work right, it has to use iptables-nft instead of iptables-legacy. This image is based on Alpine and it provides both of them; however, the default iptables is iptables-legacy. So we have to add the file /data/action.d/iptables-common.local to force it to use iptables-nft instead of iptables:

```ini
[Init]
iptables = iptables-nft <lockingopt>

[Init?family=inet6]
iptables = ip6tables-nft <lockingopt>
```

Regards!

chrpinedo, Nov 03 '21 13:11
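
A check for the setup described in this issue, as an added example that is not part of the original post or the project's code: it classifies an `iptables -V` banner and prints the matching `iptables-common.local` override. The function names and sample banners are assumptions constructed for illustration; the override text is the one from the issue.

```shell
#!/bin/sh
# Added example: pick the fail2ban iptables override from the host's backend.
# Rules written through iptables-legacy and iptables-nft live in different
# kernel subsystems, so bans must go through the same backend Docker uses.

# Classify an `iptables -V` banner. iptables 1.8+ appends the backend in
# parentheses, e.g. "iptables v1.8.4 (nf_tables)" or "iptables v1.8.7 (legacy)".
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nft ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Print the contents of iptables-common.local for a given host backend.
# Only the nft case needs an override, because the image defaults to
# iptables-legacy (as stated in the issue).
render_override() {
    case "$1" in
        nft)
            printf '%s\n' \
                '[Init]' \
                'iptables = iptables-nft <lockingopt>' \
                '' \
                '[Init?family=inet6]' \
                'iptables = ip6tables-nft <lockingopt>'
            ;;
        legacy)
            : # image default already matches the host; no override needed
            ;;
        *)
            echo "cannot determine host iptables backend" >&2
            return 1
            ;;
    esac
}

# Constructed sample banner standing in for the host's `iptables -V` output.
SAMPLE_HOST_BANNER='iptables v1.8.4 (nf_tables)'

backend=$(iptables_backend "$SAMPLE_HOST_BANNER")
echo "host backend: $backend"
render_override "$backend"
```

On a real host, pass `"$(iptables -V)"` instead of the sample banner and redirect the output of `render_override` to `/data/action.d/iptables-common.local`.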