Add configuration option to select iptables implementation

When running gocast in a container, the default iptables implementation
may not match that used on the underlying host kernel. The current
container uses the legacy iptables implementation and calls the
`iptables` binary. This fails with exit code 3 when running on a host
using the newer nftables implementation. The container already has the
`iptables-nft` binary included, so it just needs a way to call this
instead of the default `iptables` binary.

This change implements a new `iptables_binary` config option, defaulting
to `iptables`, and calls this when adding or removing NAT rules.

Fixes #32

This change was written using AI LLM.

Authored-By: Claude Code (Sonnet 4.5)
This commit is contained in:
Ben Roberts
2026-06-17 17:18:59 +01:00
parent fe399e2f03
commit 256afcbd97
6 changed files with 104 additions and 4 deletions

@@ -11,6 +11,9 @@ agent:
consul_query_interval: 5m
# token to authenticate client if consul requires it
consul_token: 00000000-0000-0000-0000-000000000000
# iptables binary to use for NAT rules (default: iptables)
# Use "iptables-nft" on modern systems with nftables
# iptables_binary: iptables-nft
bgp:
local_as: 12345
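
Review bot: the sample comment for `iptables_binary` (the three lines added under `consul_token`) does not say which values are accepted, and per the commit message this value is the binary that gets called when NAT rules are added or removed. Because a config string becomes the program the agent executes, I would validate it at config load against a fixed set of names (for example `iptables`, `iptables-nft`, `iptables-legacy`) instead of accepting any string, and list those names in this comment. It would also help operators if the comment mentioned the symptom from the commit message (exit code 3 on a host using nftables) so they know when to set the option.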