From a6d587baf1373ae52eb61d72dbfede3a4592a98a Mon Sep 17 00:00:00 2001
From: Denis Benato
Date: Mon, 17 Jun 2024 19:27:33 +0200
Subject: [PATCH] Install iptables-nft early on during image generation

---
 build-image.sh | 8 ++++++++
 manifest | 3 ---
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/build-image.sh b/build-image.sh
index fbb86f837..f6cdb47f3 100755
--- a/build-image.sh
+++ b/build-image.sh
@@ -114,6 +114,14 @@ rm -rf /var/cache/pacman/pkg
 pacman --noconfirm -U --overwrite '*' /extra_pkgs/*
 rm -rf /var/cache/pacman/pkg
 
+# Install the new iptables
+# See https://gitlab.archlinux.org/archlinux/packaging/packages/iptables/-/issues/1
+# Since base package group adds iptables by default
+# pacman will ask for confirmation to replace that package
+# but the default answer is no.
+# doing yes | pacman omitting --noconfirm is a necessity
+yes | pacman -S iptables-nft
+
 # enable services
 systemctl enable ${SERVICES}
 
diff --git a/manifest b/manifest
index 67dc55318..44dbda18d 100644
--- a/manifest
+++ b/manifest
@@ -267,9 +267,6 @@ export FILES_TO_DELETE="\
 "
 
 postinstallhook() {
- # use nftables instead of the deprecated iptables
- yes | pacman -S iptables-nft
-
 # Add sudo permissions
 sed -i '/%wheel ALL=(ALL:ALL) ALL/s/^# //g' /etc/sudoers
 echo "${USERNAME} ALL=(ALL) NOPASSWD: /usr/bin/dmidecode -t 11
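Review bot: In the build-image.sh hunk, `yes | pacman -S iptables-nft` answers yes to every prompt pacman raises, not only the iptables replacement the comment describes, so any further default-no question at this point in the build (for example removal of another conflicting package) is accepted unattended. The outcome is also never verified: whether the script runs under `set -e` is not visible in this hunk, and if it does not, a failed swap would leave the image on the legacy iptables package without the build noticing. I would add `pacman -Q iptables-nft >/dev/null || exit 1` directly after the install so the build stops when the replacement did not happen. For consistency with the install step just above, the new step should also be followed by `rm -rf /var/cache/pacman/pkg` so the downloaded package does not stay in the image.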