diff --git a/docs/06-Troubleshooting/shell.md b/docs/06-Troubleshooting/shell.md
index 11a32e0868..bfdbbab492 100644
--- a/docs/06-Troubleshooting/shell.md
+++ b/docs/06-Troubleshooting/shell.md
@@ -82,7 +82,7 @@ table ip filter {
 
 **If you see the error "Operation not permitted (you must be root)", check that your `kubectl retina shell` command sets `--capabilities NET_RAW,NET_ADMIN`.**
 
-`iptables` in the shell image uses `iptables-legacy`, which may or may not match the configuration on the node. For example, Ubuntu maps `iptables` to `iptables-nft`. To use the exact same `iptables` binary as installed on the node, you will need to `chroot` into the host filesystem (see below).
+`iptables` in the shell image uses `iptables-nft`, which may or may not match the configuration on the node. For example, Azure Linux 2 maps `iptables` to `iptables-legacy`. To use the exact same `iptables` binary as installed on the node, you will need to `chroot` into the host filesystem (see below).
 
 ## Accessing the host filesystem
 
diff --git a/shell/Dockerfile b/shell/Dockerfile
index a58177dc26..eb30b98f8d 100644
--- a/shell/Dockerfile
+++ b/shell/Dockerfile
@@ -1,11 +1,6 @@
-# mcr.microsoft.com/azurelinux/base/core:3.0.20241005
-FROM mcr.microsoft.com/azurelinux/base/core@sha256:7ec490b605aac8a44aed0b0695b0ee6ae976ec898afd9ac8d5613d7f3ce2b07b
+# mcr.microsoft.com/azurelinux/base/core:3.0.20241203
+FROM mcr.microsoft.com/azurelinux/base/core@sha256:07540f424a12aa58f0de61aab38e9670c82f16b35a2ba3e449309596d422109b
 
-# There are a two known issues with Azure Linux 3.0.20241005 that affect this image:
-# 1. `iptables-nft` binary is not yet installed, but will be fixed by https://github.com/microsoft/azurelinux/pull/10786
-#    Until then, use `nft` to view nftables rules.
-# 2. `nslookup` and `bind` print an error "Algorithm not supported by SCOSSL" (but still complete successfully).
-#    This will be fixed by https://github.com/microsoft/SymCrypt-OpenSSL/pull/92
 RUN tdnf install -y \
 	bind-utils \
 	conntrack \