No, I do not need nft if I only intend to use iptables. This is just additional
complexity. They think I need it sure, since they want to immediately start the
transition to nft.
But I can just see this breaking things for people who like me built their own
kernel for specific needs, such as
On 16/02/19 at 11:26, chillfan--- via Dng wrote:
> And of course I don't need nft
Yes, you do.
For some reason you don't *want* it, but that's a different matter.
--
Alessandro Selli
VOIP SIP: dhatarat...@ekiga.net
Chiave firma e cifratura PGP/GPG signing and encoding key:
Imo this is nowhere near a pleasant way to do things for users. It would have
been much better to just provide a separate iptables nft package by default
during the install, as they really haven't given iptables the axe yet.
publickey - chillfan@protonmail.com - 0xB179B25B.asc
Description:
So it turns out if you have the proper nft support (nft + compat module
probably) in your kernel then iptables will continue to work.
The ifup failure looks like this:
iptables-restore/1.8.2 Failed to initialize nft: Protocol not supported
run-parts: /etc/network/if-pre-up.d/iptables exited
Yeah, although the nft wiki seems to suggest it will replace iptables they seem
to be coexisting at the moment.
The problem with iptables is it expects you to have nft support. A quick find
command shows some changes in the provided binaries.
/sbin/iptables-save
/sbin/iptables
On Fri, Feb 15, 2019 at 11:25:36PM +, chillfan--- via Dng wrote:
> Of the most stupid thing to happen over an upgrade.. Debian have forcibly
> broken a security feature. Which is to say, don't expect your firewall to
> still be functioning when you upgrade to Buster. And expect it to cause
On 2019-02-16 03:29, Ralph Ronnquist via Dng wrote:
chillfan--- via Dng wrote on 16/2/19 10:25 am:
As far as I can see iptables is now called 'iptables-legacy' and 'iptables'
actually uses nft. But btw, iptables is not deprecated in the kernel at all.
I'm also(?) an iptables addict. But
chillfan--- via Dng wrote on 16/2/19 10:25 am:
> Of the most stupid thing to happen over an upgrade.. Debian have forcibly
> broken a security feature. Which is to say, don't expect your firewall to
> still be functioning when you upgrade to Buster. And expect it to cause
> network failure.
>
Of the most stupid thing to happen over an upgrade.. Debian have forcibly
broken a security feature. Which is to say, don't expect your firewall to still
be functioning when you upgrade to Buster. And expect it to cause network
failure.
Short story, I upgraded an ascii system to Beowulf since