Author: Ralph Ronnquist
Date:  
To: DNG
Subject: Re: [DNG] iptables forced obsolescence over upgrade

chillfan--- via Dng wrote on 16/2/19 10:25 am:
> Of the most stupid thing to happen over an upgrade.. Debian have forcibly broken a security feature. Which is to say, don't expect your firewall to still be functioning when you upgrade to Buster. And expect it to cause network failure.
>
> Short story, I upgraded an ascii system to Beowulf since Buster is now entering soft freeze if Debian have kept to their timetable. But surprise of all surprises, my network isn't working.
>
> Why? Because I restore my _iptables_ rules when bringing up interfaces. Apparently you must now use nftables and this was causing the ifupdown scripts to fail because the if-up script returns a failure.
>
> As far as I can see iptables is now called 'iptables-legacy' and 'iptables' actually uses nft. But btw, iptables is not deprecated in the kernel at all.
>
> nft is very counterintuitive and nowhere near as simple as iptables, actually I'd need a day off and then some to learn it. Before someone thinks it, yes, I know about the conversion tool, but that's useless when you know something sucks and you just don't want it to begin with.


I'm also(?) an iptables addict. But here's a related article
https://lwn.net/Articles/747551

Ralph.