I, like many other qubes users, use mullvad, on 4.1 i set up a few proxyVMs that, in /rw/config/rc.local would select a wireguard configuration file at random from a specified directory - These worked very well.
I have read a number of the posts on the switch to nftables in 4.2 and how this stops the wg configuration files working with wg-quick up…
While experimenting with various ways to remedy this i found that if i installed iptables into a debian-12 template (that already has nftables installed) then wg-quick (and by extension my rc.local files) work again just fine and do not “seem” to be leaking.
Is there a good reason to not do this? Does it cause a leak i have not found or pose any other security/privacy risk? I am not an expert in this area so any information on potential issues would be welcome.