Nftables, iptables - Wireguard, wg-quick in 4.2 - Is there a problem with installing iptables aswell?

I, like many other qubes users, use mullvad, on 4.1 i set up a few proxyVMs that, in /rw/config/rc.local would select a wireguard configuration file at random from a specified directory - These worked very well.

I have read a number of the posts on the switch to nftables in 4.2 and how this stops the wg configuration files working with wg-quick up…

While experimenting with various ways to remedy this i found that if i installed iptables into a debian-12 template (that already has nftables installed) then wg-quick (and by extension my rc.local files) work again just fine and do not “seem” to be leaking.

Is there a good reason to not do this? Does it cause a leak i have not found or pose any other security/privacy risk? I am not an expert in this area so any information on potential issues would be welcome.

1 Like

wg-quick should work on 4.2, only iptables support is dropped, so if you have iptables rules (maybe triggered by wg-quick?) you would have to rewrite them.

Can confirm that wg-quick works without iptables. The only thing that is not working are the custom made iptables rules obviously.

I’m not using it, but there are no reason for wg-quick to stop working.