On Tue, 10 Sep 2019, Stéphane Graber wrote: > For LXD specifically, we think it would take us about 3 weeks of > engineering work to sort this in a way that can work on all > distributions, properly detecting and supporting: > - no nft present > - nft present but old iptables used > - nft present and used
I realize that LXD is an atypical snap, but this is exactly the sort of thing I would hope that snapd could help with so all snaps wouldn't be required to go through the same hoops to avoid breaking the system. The one good thing is that iptables-nft is (supposed to ;) wholly support the iptables-legacy syntax, so there is some hope of making this easier for the average snap developer. Those that want full-on netfilter would need to jump through these hoops of course. For all systems, it probably makes sense to have a small tool that can perform this detection, so admins, application developers and the like can then just focus on what tool to use (ideally upstreamed into iptables itself). -- Jamie Strandboge | http://www.canonical.com
signature.asc
Description: PGP signature
-- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel