Netavark, the Rust network backend for Podman, is currently working on initial nftables support. They are currently discussing things like using one chain for IPv4 & IPv6, or rather one each.
Now seems an excellent moment to weigh in with things to make sure it will play nice with future OpenWrt.
Probably in the end of the week will be the time to start testing test builds.
I'd love to weigh in and help out myself, but that's a bit above my skill level / pay grade.
PS: the developer of luci-app-dockerman said he's willing to support podman especially if it plays well with nftables.
So if you have the skills to have an opinion, please voice it.
Cheers awesome community.
Replicates the current iptables approach (3 isolation chains, with support for strict and normal isolation, or no isolation at all). No significant changes from the iptables implementation.
The source has these uci vars: uci:get_bool("dockerd", "dockerman", "remote_endpoint") || uci:get("dockerd", "dockerman", "socket_path") or "/var/run/docker.sock"
To support running an API service without using a systemd service, the command also takes an optional endpoint argument for the API in URI form. For example, unix:///tmp/foobar.sock or tcp://localhost:8080. If no endpoint is provided, the defaults are used. The default endpoint for a rootful service is unix:///run/podman/podman.sock and for rootless it is unix://$XDG_RUNTIME_DIR/podman/podman.sock (for example unix:///run/user/1000/podman/podman.sock).
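The quoted defaults above are easy to get wrong when wiring a LuCI app to Podman, because luci-app-dockerman stores a bare socket path in uci while Podman's service endpoint is a URI. The following POSIX sh snippet is an added example written for this thread, not code from Podman, netavark or luci-app-dockerman: it resolves the documented default endpoint for a given uid, classifies an endpoint string as unix, tcp or invalid, and extracts the filesystem path from a unix endpoint. The function names, the fallback to /run/user/<uid> when XDG_RUNTIME_DIR is unset, and the sample values in the demo loop are all assumptions made for this example.

```shell
#!/bin/sh
# Added example for the thread above; not part of Podman, netavark or
# luci-app-dockerman. Function names and the /run/user/<uid> fallback are
# assumptions for illustration.

# podman_default_endpoint UID [XDG_RUNTIME_DIR]
# Prints the documented default API endpoint: rootful (uid 0) uses
# /run/podman/podman.sock, rootless uses $XDG_RUNTIME_DIR/podman/podman.sock.
podman_default_endpoint() {
  uid="$1"
  runtime_dir="$2"
  if [ "$uid" -eq 0 ]; then
    printf 'unix:///run/podman/podman.sock\n'
  else
    # Assumption for this example: when XDG_RUNTIME_DIR is not supplied,
    # fall back to the conventional /run/user/<uid> location.
    [ -n "$runtime_dir" ] || runtime_dir="/run/user/$uid"
    printf 'unix://%s/podman/podman.sock\n' "$runtime_dir"
  fi
}

# endpoint_kind URI
# Prints "unix" for unix:///abs/path, "tcp" for tcp://host:port, else "invalid".
# A bare path such as /var/run/docker.sock (what dockerman stores in uci) is
# reported as invalid so the caller knows it must be prefixed with unix://.
endpoint_kind() {
  case "$1" in
    unix:///*)        printf 'unix\n' ;;
    tcp://*:[0-9]*)   printf 'tcp\n' ;;
    *)                printf 'invalid\n' ;;
  esac
}

# endpoint_path URI
# Prints the filesystem path of a unix endpoint, or an empty line otherwise.
endpoint_path() {
  case "$1" in
    unix://*) printf '%s\n' "${1#unix://}" ;;
    *)        printf '\n' ;;
  esac
}

# Demo with constructed values: two documented defaults, the tcp example from
# the docs, and dockerman's bare default path.
for uri in "$(podman_default_endpoint 0)" \
           "$(podman_default_endpoint 1000 /run/user/1000)" \
           tcp://localhost:8080 \
           /var/run/docker.sock; do
  printf '%-45s kind=%s path=%s\n' "$uri" \
    "$(endpoint_kind "$uri")" "$(endpoint_path "$uri")"
done
```

The demo loop shows the mismatch directly: dockerman's stored `/var/run/docker.sock` is classified as invalid until it is turned into `unix:///var/run/docker.sock`, which is the conversion a Podman-aware LuCI app would need to do before handing the value to the API client.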