Many distributions now ship an iptables binary that uses nftables under the hood.
When trying to run a command like iptables -t nat -L I get this error:
# Warning: iptables-legacy tables present, use iptables-legacy to see them
iptables v1.8.6 (nf_tables): Could not fetch rule set generation id: Invalid argument
I can’t check what kernel modules are loaded/included, but it seems like nf_tables support is not currently included in the Fly kernel?
1 Like
If your image is Debian or similar, such as Ubuntu, you can run update-alternatives --set iptables /usr/sbin/iptables-legacy && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy as a workaround. Other distros might have similar workarounds.
1 Like
Yeah. I was using Alpine and tried a wrapper that calls iptables-legacy, but some options like --notrack are not supported there.
Yep, a lot of iptables config options are built as modules with no way to load the modules. You can see the kernel config with gunzip -c /proc/config.gz.
1 Like
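Added example (not from any poster in this thread): a shell function that reads a kernel config on stdin, as produced by gunzip -c /proc/config.gz, and reports whether the netfilter options relevant to this thread are built in, built as modules, or absent. The option selection and the sample config are assumptions constructed for illustration; they do not describe any real kernel.

```shell
#!/bin/sh
# Kconfig symbols to check (the selection is an assumption for this thread:
# nf_tables backend, iptables/nat/raw tables, and the CT target behind --notrack).
NF_OPTIONS="CONFIG_NF_TABLES CONFIG_NFT_COMPAT CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_NAT CONFIG_IP_NF_RAW CONFIG_NETFILTER_XT_TARGET_CT"

# Reads a kernel config on stdin and prints "<option> <state>" per option:
#   builtin  =y, always available
#   module   =m, only usable if the module can be loaded
#   absent   "is not set" or not mentioned at all
check_netfilter_config() {
    cfg=$(cat)
    for opt in $NF_OPTIONS; do
        value=$(printf '%s\n' "$cfg" | sed -n "s/^${opt}=//p" | head -n 1)
        case "$value" in
            y) state=builtin ;;
            m) state=module ;;
            *) state=absent ;;
        esac
        printf '%s %s\n' "$opt" "$state"
    done
}

# Lists only the options that cannot be relied on when module loading
# is unavailable (state "module" or "absent").
unusable_without_modules() {
    check_netfilter_config | awk '$2 != "builtin" { print $1 }'
}

# Constructed sample config, for offline demonstration only.
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
# CONFIG_NF_TABLES is not set
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_RAW=m
CONFIG_NETFILTER_XT_TARGET_CT=m
EOF
}

# Demo on the constructed sample; on a real machine use instead:
#   gunzip -c /proc/config.gz | check_netfilter_config
sample_config | check_netfilter_config
```

An nf_tables-backed iptables binary needs CONFIG_NF_TABLES reported as builtin when modules cannot be loaded; otherwise the iptables-legacy alternative is the one that matches the kernel.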