fix(sysinfo): suppress iptables error in diagnostic report for containers (#1011)

Alexey Portnov · Alexey Portnov · commit e26e6b973bbe · 2026-04-13T04:45:00.000+08:00
getIptablesInfo() called iptables -S unconditionally, producing
modprobe/legacy table errors in Docker on nf_tables hosts (Alpine
6.12+) where the legacy iptables backend cannot initialize without
the host's ip_tables kernel module.

Skip the iptables call when canManageFirewall() is false and show
a context-specific message instead:
- Docker: "Firewall managed by host (Docker)"
- LXC without CAP_NET_ADMIN: "Firewall unavailable (container without CAP_NET_ADMIN)"
diff --git a/src/PBXCoreREST/Lib/Sysinfo/GetInfoAction.php b/src/PBXCoreREST/Lib/Sysinfo/GetInfoAction.php
@@ -24,6 +24,7 @@
 use MikoPBX\Common\Models\PbxSettings;
 use MikoPBX\Core\System\PBX;
 use MikoPBX\Core\System\Processes;
+use MikoPBX\Core\System\System;
 use MikoPBX\Core\System\Util;
 use MikoPBX\PBXCoreREST\Lib\PBXApiResult;
 use MikoPBX\Service\Main;
@@ -284,13 +285,19 @@ private static function getRouteInfo(): string
      */
     private static function getIptablesInfo(): string
     {
-        $content      = '────────────────────────────────────────── iptables ──────────────────────────────────────';
-        $content      .= PHP_EOL . PHP_EOL;
-        $iptables = Util::which('iptables');
-        $out          = [];
-        Processes::mwExec("$iptables -S", $out);
-        $iptablesOut = implode(PHP_EOL, $out);
-        $content     .= $iptablesOut . PHP_EOL;
+        $content = '────────────────────────────────────────── iptables ──────────────────────────────────────';
+        $content .= PHP_EOL . PHP_EOL;
+        if (!System::canManageFirewall()) {
+            $reason = System::isDocker()
+                ? 'Firewall managed by host (Docker)'
+                : 'Firewall unavailable (container without CAP_NET_ADMIN)';
+            $content .= $reason . PHP_EOL;
+        } else {
+            $iptables = Util::which('iptables');
+            $out = [];
+            Processes::mwExec("$iptables -S", $out);
+            $content .= implode(PHP_EOL, $out) . PHP_EOL;
+        }
         $content .= PHP_EOL . PHP_EOL;
         return $content;
     }
