From 1843ff66b2696ecbac02dd091326d9d9cfce4b10 Mon Sep 17 00:00:00 2001
From: Liyi Huang
Date: Sun, 2 Nov 2025 22:30:16 -0500
Subject: [PATCH] Remove legacy iptables configuration from init scripts (#2834)

With newer version of k8s, anything using iptables could use iptables-wrappers to figure out the backend is legacy or nft. Force the iptable to use legacy is not necessary anymore.

Signed-off-by: liyi huang
---
 builtin/capkk/roles/init/init-os/templates/init-os.sh | 10 ----------
 builtin/core/roles/native/init/templates/init-os.sh | 10 ----------
 2 files changed, 20 deletions(-)

diff --git a/builtin/capkk/roles/init/init-os/templates/init-os.sh b/builtin/capkk/roles/init/init-os/templates/init-os.sh
index f560e83b..c8bf2545 100644
--- a/builtin/capkk/roles/init/init-os/templates/init-os.sh
+++ b/builtin/capkk/roles/init/init-os/templates/init-os.sh
@@ -256,13 +256,3 @@ EOF
 sync
 # echo 3 > /proc/sys/vm/drop_caches
-
-# Make sure the iptables utility doesn't use the nftables backend.
-{{- if .internal_ipv4 | empty | not }}
-update-alternatives --set iptables /usr/sbin/iptables-legacy >/dev/null 2>&1 || true
-{{- end }}
-{{- if .internal_ipv6 | empty | not }}
-update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy >/dev/null 2>&1 || true
-{{- end }}
-update-alternatives --set arptables /usr/sbin/arptables-legacy >/dev/null 2>&1 || true
-update-alternatives --set ebtables /usr/sbin/ebtables-legacy >/dev/null 2>&1 || true
diff --git a/builtin/core/roles/native/init/templates/init-os.sh b/builtin/core/roles/native/init/templates/init-os.sh
index 0515a60b..1acb1950 100644
--- a/builtin/core/roles/native/init/templates/init-os.sh
+++ b/builtin/core/roles/native/init/templates/init-os.sh
@@ -203,13 +203,3 @@ sysctl -p
 sync
 echo 3 > /proc/sys/vm/drop_caches
-
-# Make sure the iptables utility doesn't use the nftables backend.
-{{- if .internal_ipv4 | empty | not }}
-update-alternatives --set iptables /usr/sbin/iptables-legacy >/dev/null 2>&1 || true
-{{- end }}
-{{- if .internal_ipv6 | empty | not }}
-update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy >/dev/null 2>&1 || true
-{{- end }}
-update-alternatives --set arptables /usr/sbin/arptables-legacy >/dev/null 2>&1 || true
-update-alternatives --set ebtables /usr/sbin/ebtables-legacy >/dev/null 2>&1 || true