Hi Matt, Matt Darfeuille schrieb am 22.07.2019 14:00:
> On 7/22/2019 12:39 PM, Timo Sigurdsson wrote: >> Hi, >> >> some of you may be aware of the new default firewall backend in Debian 10 >> alias Buster, i.e. Buster defaults to nftables and all of xtables programs >> (iptables, ip6tables, etc.) are merely symlinks to iptables-nft, >> ip6tables-nft, etc. This means you can use the iptables syntax, but will >> actually get nftables rules. As I am planning to upgrade my router machine to >> Debian 10 in the near future, I was wondering whether I should take any >> precautions prior or during the upgrade with regards to shorewall. I use >> shorewall in a dual-stack setup with one WAN interface and several LAN-side >> interfaces and zones. >> > > To air on the side of caution, I would test Shorewall and the desired > configuration using a VM or a chroot when moving away from Iptables and > report back any issues you might encounter. > thanks for the tip. Replicating the exact configuration in a VM would be a bit tedious since that machine has about 12 interfaces. What I could start with, though, is testing the migration of my small VPN server which only has two interfaces and a much simpler shorewall configuration. Kind regards, Timo _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
