From ce642a6d8b079d9a8cf7959171e27ee8b95517d0 Mon Sep 17 00:00:00 2001
From: Quentin McGaw <quentin.mcgaw@gmail.com>
Date: Thu, 9 May 2024 14:33:34 +0000
Subject: [PATCH] hotfix(firewall): prefer using iptables-legacy over nf_tables
 - due to nf_tables bugs I discovered and reported

---
 internal/firewall/firewall.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/firewall/firewall.go b/internal/firewall/firewall.go
index c9235c3f..e95d03d8 100644
--- a/internal/firewall/firewall.go
+++ b/internal/firewall/firewall.go
@@ -38,7 +38,7 @@ type Config struct { //nolint:maligned
 func NewConfig(ctx context.Context, logger Logger,
 	runner command.Runner, defaultRoutes []routing.DefaultRoute,
 	localNetworks []routing.LocalNetwork) (config *Config, err error) {
-	iptables, err := checkIptablesSupport(ctx, runner, "iptables", "iptables-nft", "iptables-legacy")
+	iptables, err := checkIptablesSupport(ctx, runner, "iptables-legacy", "iptables", "iptables-nft")
 	if err != nil {
 		return nil, err
 	}