Readd blurb about iptables 1.6.1

Signed-off-by: Derek Nola <derek.nola@suse.com>
k3s-io · Nov 16, 2023 · d9c556e · d9c556e
1 parent 0c51dea
commit d9c556e
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/docs/known-issues/known-issues.md b/docs/known-issues/known-issues.md
@@ -10,6 +10,13 @@ If you plan to use K3s with docker, Docker installed via a snap package is not r
 
 ### Iptables
 
+If you are running iptables v1.6.1 and older in nftables mode you might encounter issues. We recommend utilizing newer iptables (such as 1.6.1+) to avoid issues or running iptables legacy mode.
+
+```
+update-alternatives --set iptables /usr/sbin/iptables-legacy
+update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
+```
+
 Iptables versions 1.8.0-1.8.4 have known issues that can cause K3s to fail. Several popular Linux distributions ship with these versions by default. One bug causes the accumulation of duplicate rules, which negatively affects the performance and stability of the node. See [Issue #3117](https://github.com/k3s-io/k3s/issues/3117) for information on how to determine if you are affected by this problem.
 
 K3s includes a working version of iptables (v1.8.8) which functions properly. You can tell K3s to use its bundled version of iptables by starting K3s with the `--prefer-bundled-bin` option, or by uninstalling the iptables/nftables packages from your operating system.