From d18dfe3b09916ccea6e874be63145fe59c1f2f41 Mon Sep 17 00:00:00 2001
From: Lukas Prettenthaler <lukas.prettenthaler@tipico.us>
Date: Sun, 5 Nov 2023 12:59:36 -0700
Subject: [PATCH] keep legacy iptables as default to stay compatible with
 previous behavior

---
 Dockerfile.router            | 2 +-
 scripts/entrypoint-router.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile.router b/Dockerfile.router
index c769029..4700fba 100644
--- a/Dockerfile.router
+++ b/Dockerfile.router
@@ -13,7 +13,7 @@ ENV LOG_PATH=/var/log/supervisor
 
 COPY scripts/entrypoint-router.sh /usr/sbin/
 
-RUN apk add --no-cache --purge --clean-protected iptables-legacy tzdata \
+RUN apk add --no-cache --purge --clean-protected iptables iptables-legacy tzdata \
   && rm -rf /var/cache/apk/*
 
 EXPOSE 9993/udp
diff --git a/scripts/entrypoint-router.sh b/scripts/entrypoint-router.sh
index 7f5c1ef..825dfec 100755
--- a/scripts/entrypoint-router.sh
+++ b/scripts/entrypoint-router.sh
@@ -47,7 +47,7 @@ echo "$(date) - launching ZeroTier-One in routing mode"
 PHY_IFACES="${ZEROTIER_ONE_LOCAL_PHYS:-"eth0"}"
 
 # default to iptables (maintains backwards compatibility)
-IPTABLES_CMD=iptables
+IPTABLES_CMD=iptables-legacy
 # but support an override to use iptables-nft
 [ "${ZEROTIER_ONE_USE_IPTABLES_NFT}" = "true" ] && IPTABLES_CMD=iptables-nft