On Thu, 28 May 2020 21:05:43 +0900 Ryutaroh Matsumoto <ryuta...@ict.e.titech.ac.jp> wrote: > Package: miniupnpd > Version: 2.1-6.1 > Severity: important > > Dear Maintainer, > > When iptables Debian package is installed, > we have two versions, iptables-nft and iptables-legacy. > The default in Buster and Bullseye is iptables-nft, as > https://wiki.debian.org/iptables > > /etc/miniupnpd/iptables_init.sh registers chain MINIUPNPD > by iptables_nft. > But > https://github.com/miniupnp/miniupnp/blob/master/miniupnpd/netfilter/iptcrdr.c > tries to find chain MINIUPNPD by the legacy interface, and > miniupnpd fails with > chain MINIUPNPD not found > when a new redirection is added. > > It MIGHT be good idea to build the package with > ./configure --firewall=nftables ... > Or, call update-alternatives --set iptables /usr/sbin/iptables-legacy > by the installation script... > > Best regards, Ryutaroh Matsumoto
I agree nftables is better, however switching to nftables will definitely disappoint legacy iptables, and it seems there is no way to enable iptables and nftables in a single binary.
