From 0ce3ab679cb4ad94c81cf426d4942637a61afb85 Mon Sep 17 00:00:00 2001
From: Tianon Gravi
Date: Tue, 25 Feb 2020 15:31:07 -0800
Subject: [PATCH] Add a TODO in the Dockerfile regarding nftables

Someday, we'll hopefully support nftables directly and will likely then need some kind of in-container runtime detection (perhaps based on loaded modules or something similar). This updates the related `Dockerfile` comment accordingly (linking to the appropriate `nftables` tracking issue).

Signed-off-by: Tianon Gravi
---
 Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index ac5bd48670..4bb0d76ad5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -286,7 +286,8 @@ RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
 zip
-# Switch to use iptables instead of nftables (to match the host machine)
+# Switch to use iptables instead of nftables (to match the CI hosts)
+# TODO use some kind of runtime auto-detection instead if/when nftables is supported (https://github.com/moby/moby/issues/26824)
 RUN update-alternatives --set iptables /usr/sbin/iptables-legacy || true \
 && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true \
 && update-alternatives --set arptables /usr/sbin/arptables-legacy || true
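Review bot: The three `update-alternatives` lines under the new TODO each end in `|| true`, and neither the old nor the new comment says why, so a build in which the switch fails completes silently with whatever backend the base image defaults to. If that default is the nft-backed variant while the CI hosts use the legacy tables, rules written from inside the dev container would presumably land in a different rule set than the one the host enforces, which makes firewall-related test results hard to trust. I would document the intent next to the TODO, for example `# "|| true" is deliberate: tolerate base images that lack these alternatives; on failure the image's default backend stays in place`. Once runtime detection exists, the TODO could also say that the detected backend should be logged at container start so a mismatch is visible rather than silent.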