[08:40:33] akosiaris: o/ to better understand - do you think that we'll have issues on bookworm with iptables? Or just setting iptables-legacy should keep us safe?
[11:47:31] elukey: depends a bit on how well the container is created.
[11:48:09] For now setting iptables-legacy on the host, and assuming most container images that somehow need to mess up with netfilter still default to it, we should be ok
[11:48:25] Even istio inject moved away from that approach at the end
[11:49:10] note that the issue here is different than the one we had back in the buster migration. This one is incompatibilities between a container trying to call iptables and do netfilter stuff and having a different iptables version than the host
[11:49:46] which is a more narrow case than the ones biting us back then
[11:49:56] us == elukey actually, but I digress
[11:50:42] But the vague answer is "there's some window for trouble, but for the most part, sticking to -legacy should keep us safe"
[11:57:29] the whole situation is very unfortunate :-(
[12:01:32] happy to discuss this more if any of you want
[13:42:11] Arturo: I'd be interested, I wanna get an understanding of where the overall situation with containers and virtualization frameworks that rely so much on netfilter is heading.
[13:42:44] Probably not right now, I am fighting a headache, but next week?
[14:16:49] akosiaris: sure!