Author: chillfan
Subject: [DNG] iptables forced obsolescence over upgrade
Of the most stupid things to happen over an upgrade... Debian have forcibly broken a security feature. Which is to say, don't expect your firewall to still be functioning when you upgrade to Buster. And expect it to cause network failure.

Short story, I upgraded an ascii system to Beowulf since Buster is now entering soft freeze if Debian have kept to their timetable. But surprise of all surprises, my network isn't working.

Why? Because I restore my _iptables_ rules when bringing up interfaces. Apparently you must now use nftables and this was causing the ifupdown scripts to fail because the if-up script returns a failure.

As far as I can see iptables is now called 'iptables-legacy' and 'iptables' actually uses nft. But btw, iptables is not deprecated in the kernel at all.

nft is very counterintuitive and nowhere near as simple as iptables, actually I'd need a day off and then some to learn it. Before someone thinks it, yes, I know about the conversion tool, but that's useless when you know something sucks and you just don't want it to begin with.