Alpine 3.19 iptables 1.8.10-r3 breaks wg-quick, while iptables 1.8.9 works
I have Alpine 3.19 running in an LXC container on a Turris Omnia router (armhf). I had a working WireGuard VPN connection using wg-quick to a remote server. A recent update broke wg-quick; now it fails on iptables-restore:
$ wg-quick up vpn
[#] ip link add vpn type wireguard
[#] wg setconf vpn /dev/fd/63
[#] ip -4 address add 10.141.100.141/32 dev vpn
[#] ip -6 address add xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/128 dev vpn
[#] ip link set mtu 1420 up dev vpn
[#] resolvconf -a vpn -m 0 -x
[#] wg set vpn fwmark 51820
[#] ip -6 route add ::/0 dev vpn table 51820
[#] ip -6 rule add not fwmark 51820 table 51820
[#] ip -6 rule add table main suppress_prefixlength 0
[#] ip6tables-restore -n
Warning: Extension addrtype is not supported, missing kernel module?
ip6tables-restore v1.8.10 (nf_tables): Couldn't load match `addrtype':No such file or directory
Error occurred at line: 2
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
[#] resolvconf -d vpn -f
[#] ip -6 rule delete table 51820
[#] ip -6 rule delete table main suppress_prefixlength 0
[#] ip link delete dev vpn
It complains about a missing addrtype module, but it is loaded:
$ lsmod | grep addrtype
xt_addrtype 16384 0
...
The kernel version of the host is 5.15.146, and iptables on the host is v1.8.7 (legacy).
I tried downgrading to ip6tables-1.8.9-r2 and iptables-1.8.9-r2 from Alpine 3.18, and then wg-quick works again.