Heya,
just a small heads-up:
Currently there are two firewall APIs used on Linux: iptables and
nftables. iptables is the older one, nftables the new
replacement. systemd-nspawn and systemd-networkd currently interface
with iptables via the libiptc library: nspawn to implement the --port=
switch f

Is this going to make nspawn/networkd fundamentally incompatible with
distributions that use iptables-based tools (such as firewalld)?
--
Ian Pilcher arequip...@gmail.com
"I g

On 06/01/2015 10:11 PM, Ian Pilcher wrote:
> Is this going to make nspawn/networkd fundamentally incompatible with
> distributions that use iptables-based tools (such as firewalld)?
No, nftables and iptables can peacefully coexist. With nftables though,
systemd can have a table of its own, and hen

I have been told that the iptable_nat module conflicts with nftables:
"You cannot use iptables and nft to perform NAT at the same time. So make sure
that the iptable_nat module is unloaded"
source:
http://wiki.nftables.org/wiki-nftables/index.php/Performing_Network_Address_Translation_%28NAT%29
--

On 2 June 2015 at 06:11, Ian Pilcher wrote:
> Is this going to make nspawn/networkd fundamentally incompatible with
> distributions that use iptables-based tools (such as firewalld)?
nftables provides a backward compatible 'iptables' command.
Most services (including firewalld) just use the 'ipta

On Fri, 29 May 2015 17:49:12 +0200, Lennart Poettering wrote:
> Yes, we are aware this is unfortunate, and that many people are still
> using iptables. For this reason we would like to make the switch quickly
> to ensure not too many users start using the iptables hook-up before it
> goes away.
Is