7.2. Troubleshooting iptables
K3s, the Kubernetes environment recommended for the LOCKSS system, does not currently work with iptables version 1.8.0 or later in nf_tables mode via Alternatives, for instance in some Debian or Ubuntu systems [1]. If configure-firewall (a script called by install-k3s) detects this situation, you will see a warning message and the following prompt [2]:
Switch iptables to legacy mode via Alternatives?
Enter Y for "yes" and N for "no", or simply hit Enter to accept the proposed answer (displayed in square brackets).
If you opt out of the proposed remediation, K3s may malfunction.
The remediation attempted by configure-firewall is equivalent to:
    # Needed if ufw is installed and active
    ufw disable

    # Required
    update-alternatives --set iptables /usr/sbin/iptables-legacy

    # Required
    update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

    # Optional
    update-alternatives --set arptables /usr/sbin/arptables-legacy

    # Optional
    update-alternatives --set ebtables /usr/sbin/ebtables-legacy

    # Required
    iptables --flush

    # Needed if ufw is installed and was active
    ufw enable
If your system did not initially need an adjustment for iptables at the time K3s was installed, but later does (for example because iptables is upgraded from a pre-1.8.0 version to version 1.8.0 or later), re-run this command in the lockss-installer directory as a privileged user who can become root via sudo [3]:
See Installing K3s.
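
A read-only check for the condition this section describes, as an added example that is not part of the LOCKSS installer or its configure-firewall script. The function names are hypothetical, and it assumes the `iptables vX.Y.Z (nf_tables)` / `(legacy)` format printed by `iptables --version` and the `Value:` line printed by `update-alternatives --query iptables`.

```sh
#!/bin/sh
# Added example: read-only checks for the iptables state this section describes.

# needs_legacy_switch "<output of iptables --version>"
# Returns 0 for version >= 1.8.0 with the nf_tables backend, 1 when no switch
# is needed, 2 when the string cannot be parsed.
needs_legacy_switch() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^iptables v\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    major=${ver% *}
    minor=${ver#* }
    # The condition on this page only applies from version 1.8.0 onward.
    if [ "$major" -lt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -lt 8 ]; }; then
        return 1
    fi
    case $1 in
        *"(nf_tables)"*) return 0 ;;
        *) return 1 ;;
    esac
}

# alternative_is_legacy: reads `update-alternatives --query iptables` output on
# stdin; returns 0 if the selected Value is the legacy binary named on this page.
alternative_is_legacy() {
    value=$(sed -n 's/^Value: //p')
    [ "$value" = "/usr/sbin/iptables-legacy" ]
}

# Live checks, run only when the tools are present; nothing is modified.
if command -v iptables >/dev/null 2>&1; then
    if needs_legacy_switch "$(iptables --version 2>/dev/null)"; then
        echo "iptables >= 1.8.0 in nf_tables mode: the remediation above applies"
    else
        echo "no iptables mode switch needed, or version string not recognised"
    fi
fi
if command -v update-alternatives >/dev/null 2>&1; then
    if update-alternatives --query iptables 2>/dev/null | alternative_is_legacy; then
        echo "Alternatives currently selects /usr/sbin/iptables-legacy"
    fi
fi
```

Running it again after an iptables package upgrade shows whether the host has moved into the affected state.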