iptables-nft not supported in arm64 arch alpine

[AndyEWang]

After installing iptables, running cmd /sbin/iptables-nft shows "iptables: Failed to initialize nft: Protocol not supported".
apk add ca-certificates bash libc6-compat iptables ip6tables

docker image tag: alpine:3.17 and alpine:3.17.3

/ # /sbin/iptables-nft --version
iptables: Failed to initialize nft: Protocol not supported
/ # ldd /sbin/iptables-nft
        /lib/ld-musl-aarch64.so.1 (0x5500000000)
        libmnl.so.0 => /usr/lib/libmnl.so.0 (0x550195a000)
        libnftnl.so.11 => /usr/lib/libnftnl.so.11 (0x550197b000)
        libxtables.so.12 => /usr/lib/libxtables.so.12 (0x55019bc000)
        libc.musl-aarch64.so.1 => /lib/ld-musl-aarch64.so.1 (0x5500000000)
/ # uname -a
Linux 3fa10d38f4ef 3.10.0-1127.el7.x86_64 #1 SMP Tue Mar 31 23:36:51 UTC 2020 aarch64 Linux
/ # ls -l /sbin/iptables-nft
lrwxrwxrwx    1 root     root            17 Apr 19 06:55 /sbin/iptables-nft -> xtables-nft-multi
/ #

[ncopa]

iptables: Failed to initialize nft: Protocol not supported

This is the error message from kernel.

Linux 3fa10d38f4ef 3.10.0-1127.el7.x86_64 #1 SMP Tue Mar 31 23:36:51 UTC 2020 aarch64 Linux

A 3.10 kernel.

Accoring wikipedia nftables was introduced in kernel 3.13.

This is a problem in the kernel and not something we can fix in the alpine docker image.

[AndyEWang]

But it works in alpine linux/amd64.

/ # uname -a
Linux beb9c0288e79 3.10.0-1127.el7.x86_64 #1 SMP Tue Mar 31 23:36:51 UTC 2020 x86_64 Linux

/ # /sbin/iptables-nft --version
iptables v1.8.7 (nf_tables)

Maybe qemu-user-static doesn't support it and I also open an issue multiarch/qemu-user-static#191

Hope to get any clues from either alpine or qemu-user-static side.