Yeah, although the nft wiki seems to suggest it will replace iptables, they seem
to be coexisting at the moment.

The problem with iptables is it expects you to have nft support. A quick find 
command shows some changes in the provided binaries.

/sbin/iptables-save
/sbin/iptables
/sbin/iptables-restore
/usr/sbin/iptables-save
/usr/sbin/iptables-nft-save
/usr/sbin/iptables-legacy-restore
/usr/sbin/iptables
/usr/sbin/iptables-legacy
/usr/sbin/iptables-nft-restore
/usr/sbin/iptables-restore
/usr/sbin/iptables-legacy-save
/usr/sbin/iptables-apply
/usr/sbin/iptables-nft

Running /sbin/iptables gives: 


iptables/1.8.2 Failed to initialize nft: Protocol not supported

And of course I don't need nft so it's not built into my kernel. For the sake 
of testing I will check what happens when you do have nft support as I'm sure 
the stock kernel has.

The usual setup for restoring iptables is to place the script in 
/etc/network/if-pre-up.d/iptables and restore the rules from a config file 
somewhere in /etc. Maybe the quirk here is ifupdown expects if-pre-up.d scripts
to run successfully before bringing up the interface.


Cheers,

chillfan

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Saturday, February 16, 2019 8:38 AM, KatolaZ <kato...@freaknet.org> wrote:

> chillfan, I have several beowulf machines and all use iptables, and
> none of them has had that issue. Maybe I have not apt-get updated
> recently. Could it just be a quirk of if-up? Shall we try to track
> the issue down?
> 

> On another note: before a useless rantful flame gets started, please
> note that as chillfan said iptables is not going away from the Linux
> kernel.
> 

> My2Cents
> 

> KatolaZ
> 

> -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> 

> [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ]
> [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
> [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
> [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
> [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]


_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
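
Added example, not part of the original message or of Devuan's packages: an /etc/network/if-pre-up.d/iptables hook of the kind described above that probes the iptables-nft and iptables-legacy binaries from the find output and restores with the first one the running kernel supports. The rules path /etc/iptables.rules, the BIN_DIR variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example: if-pre-up.d hook that selects a usable iptables backend.
# RULES and BIN_DIR are assumed defaults; adjust them to the local layout.
RULES="${RULES:-/etc/iptables.rules}"
BIN_DIR="${BIN_DIR:-/usr/sbin}"

# Print the restore binary of the first backend whose list command works.
# A backend the kernel lacks fails the probe, as in the message above
# ("Failed to initialize nft: Protocol not supported").
pick_restore() {
    for backend in nft legacy; do
        probe="$BIN_DIR/iptables-$backend"
        restore="$BIN_DIR/iptables-$backend-restore"
        [ -x "$probe" ] && [ -x "$restore" ] || continue
        if "$probe" -S >/dev/null 2>&1; then
            echo "$restore"
            return 0
        fi
    done
    return 1
}

# Load the saved rules; return non-zero with a message on any failure.
load_rules() {
    [ -r "$RULES" ] || { echo "iptables hook: $RULES not readable" >&2; return 2; }
    restore=$(pick_restore) || { echo "iptables hook: no usable backend" >&2; return 3; }
    "$restore" < "$RULES"
}

# ifupdown exports IFACE to hook scripts; without it (for example when the
# file is sourced for testing) nothing is loaded. If ifupdown requires the
# hook to succeed, as the message suggests, a non-zero exit here keeps the
# interface down rather than bringing it up without firewall rules.
if [ -n "${IFACE:-}" ]; then
    load_rules || exit $?
fi
```

The probe needs root, which ifupdown hooks have; the stderr messages say whether the rules file or the backend was the cause of a failure.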
