This isn't used/necessary in the default configuration until Docker 27+, but it was optional behavior before that, so it's prudent for us to also try loading it any time we know we're not using nftables / have explicitly requested "legacy" iptables.
I thought we'd already been doing this, but apparently I was misremembering, probably because we do check the /proc/net/ip6_tables_names file for clues to whether we should be using legacy xtables. :sweat_smile:
This isn't used/necessary in the default configuration until Docker 27+, but it was optional behavior before that, so it's prudent for us to also try loading it any time we know we're not using nftables / have explicitly requested "legacy"
iptables
.See also:
cc/fyi @robmry @akerouanton :heart: