Author: chillfan
Date:  
CC: dng@lists.dyne.org
Subject: Re: [DNG] iptables forced obsolescence over upgrade
Yeah, although the nft wiki seems to suggest it will replace iptables they seem to be coexisting at the moment.

The problem with iptables is it expects you to have nft support. A quick find command shows some changes in the provided binaries.

/sbin/iptables-save
/sbin/iptables
/sbin/iptables-restore
/usr/sbin/iptables-save
/usr/sbin/iptables-nft-save
/usr/sbin/iptables-legacy-restore
/usr/sbin/iptables
/usr/sbin/iptables-legacy
/usr/sbin/iptables-nft-restore
/usr/sbin/iptables-restore
/usr/sbin/iptables-legacy-save
/usr/sbin/iptables-apply
/usr/sbin/iptables-nft

Running /sbin/iptables gives:


iptables/1.8.2 Failed to initialize nft: Protocol not supported

And of course I don't need nft so it's not built into my kernel. For the sake of testing I will check what happens when you do have nft support as I'm sure the stock kernel has.

The usual setup for restoring iptables is to place the script in /etc/network/if-pre-up.d/iptables and restore the rules from a config file somewhere in /etc. Maybe the quirk here is ifupdown expects if-pre-up.d scripts to run successfully before bringing up the interface.


Cheers,

chillfan

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Saturday, February 16, 2019 8:38 AM, KatolaZ <katolaz@???> wrote:

> chillfan, I have several beowulf machines and all use iptables, and
> none of them has had that issue. Maybe I have not apt-get updated
> recently. Could it just be a quirk of if-up? Shall we try to track
> the issue down?
>
> On another note: before a useless rantful flame gets started, please
> note that as chillfan said iptables is not going away from the Linux
> kernel.
>
> My2Cents
>
> KatolaZ
>
> ------------------------------------------------------------------------
>
> [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ]
> [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
> [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
> [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
> [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]
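
An added example, not part of the original thread: an /etc/network/if-pre-up.d/iptables hook of the kind chillfan's message describes, which tries the nft backend, falls back to the legacy binaries when the kernel lacks nft support, and returns non-zero on any failure so that the interface is not brought up silently without rules. The rules path /etc/iptables.up.rules, the IPT_DIR override, the function names and the use of a rule listing (-S) as the probe are assumptions.

```shell
#!/bin/sh
# Added example for /etc/network/if-pre-up.d/iptables (not from the thread).
# Assumptions: RULES path and the IPT_DIR override are hypothetical choices.
IPT_DIR="${IPT_DIR:-/usr/sbin}"
RULES="${RULES:-/etc/iptables.up.rules}"

# Print the first backend ("nft" or "legacy") whose iptables binary can
# actually talk to the kernel. Assumption: a rule listing fails the same
# way as the "Failed to initialize nft" error when support is missing.
pick_backend() {
    for backend in nft legacy; do
        bin="$IPT_DIR/iptables-$backend"
        [ -x "$bin" ] || continue
        if "$bin" -S >/dev/null 2>&1; then
            echo "$backend"
            return 0
        fi
    done
    return 1
}

# Restore the rules with the matching -restore binary. Every failure path
# returns non-zero, so the hook never reports success without loaded rules.
restore_rules() {
    backend=$(pick_backend) || {
        echo "iptables hook: no usable backend in $IPT_DIR" >&2
        return 1
    }
    [ -r "$RULES" ] || {
        echo "iptables hook: cannot read $RULES" >&2
        return 1
    }
    "$IPT_DIR/iptables-$backend-restore" < "$RULES"
}

# ifupdown exports IFACE to hook scripts; only act when run as a hook.
if [ -n "${IFACE:-}" ]; then
    restore_rules || exit 1
fi
```

The rules file must be in the iptables-save format that both the nft and legacy restore binaries read.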