:: Re: [DNG] iptables forced obsolesce…
Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: KatolaZ
Fecha:  
A: dng
Asunto: Re: [DNG] iptables forced obsolescence over upgrade
On Fri, Feb 15, 2019 at 11:25:36PM +0000, chillfan--- via Dng wrote:
> Of the most stupid thing to happen over an upgrade.. Debian have forcibly broken a security feature. Which is to say, don't expect your firewall to still be functioning when you upgrade to Buster. And expect it to cause network failure.
>
> Short story, I upgraded an ascii system to Beowulf since Buster is now entering soft freeze if Debian have kept to their timetable. But surprise of all surprises, my network isn't working.
>
> Why? Because I restore my _iptables_ rules when bringing up interfaces. Apparently you must now use nftables and this was causing the ifupdown scripts to fail failure because the if-up script returns a failure.
>
> As far as I can see iptables is now called 'iptables-legacy' and 'iptables' actually uses nft. But btw, iptables is not deprecated in the kernel at all.
>
> nft is very counter intuitive and nowhere near as simple as iptables, actually I'd need a day off and then some to learn it. Before someone thinks it it yes I know about the conversion tool but that's useless when you know something sucks and you just don't want it to begin with.
>


chillfan, I have several beowulf machines and all use iptables, and
none of them has had that issue. Maybe I have not apt-get updated
recently. Could it just be a quirk of if-up? Shall we try to track
the issue down?


On another note: before a useless ranftul flame gets started, please
note that as chillfan said iptables is not going away from the Linux
kernel.

My2Cents

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]  
[     "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[       @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[     @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]