Podman makes this better, as it doesn't trash my ipt/nft rules in the process, and its essentially stateless amongst other useful things

How's the network performance on podman? It defaults to slirp4netns right?

Rootless Podman uses slirp4netns by default. The default will soon change to pasta. Pasta has better performance than slirp4netns. For best performance if your container supports it, use systemd socket activation because the traffic over the activated socket will have native network performance.

I'd never heard of that systemd trick. Interesting, thanks.

Here are some documentation and demos from me and others if you're interested:

https://github.com/eriksjolund/podman-networking-docs https://github.com/eriksjolund/podman-nginx-socket-activatio... https://github.com/eriksjolund/socket-activate-httpd https://github.com/eriksjolund/mariadb-podman-socket-activat... https://github.com/PhracturedBlue/podman-socket-activated-se...

Probably for user containers, but I've only ran it as root generally to avoid those sorts of limitations so haven't noticed any issues - I rarely use docker and only use for quick testing and then switch to non-docker installs