[DNG] buster - ebtables discrepancy in auto mode

Skribent: Yevgeny Kosarzhevsky
Dato:
Til: Dng
Emne: [DNG] buster - ebtables discrepancy in auto mode

Hello,

I found that packet nftables recommended by iptables breaks ebtables
rules in auto mode as /usr/sbin/ebtables points now to
xtables-nft-multi

The one upgrading from ascii can lose control over remote system, as
the syntax is different. For example:

~# update-alternatives --auto ebtables
update-alternatives: using /usr/sbin/ebtables-nft to provide
/usr/sbin/ebtables (ebtables) in auto mode
~# ebtables -P TEST DROP
Policy DROP not allowed for user defined chains.
~# update-alternatives --set ebtables /usr/sbin/ebtables-legacy
update-alternatives: using /usr/sbin/ebtables-legacy to provide
/usr/sbin/ebtables (ebtables) in manual mode
~# ebtables -L TEST --Lx
ebtables -t filter -P TEST DROP

I don't know where exactly to file a bug, as xtables-nft-multi manual
page clearly states:

USAGE
       The xtables-nft tools allow you to manage the nf_tables backend
using the native syntax of iptables(8), ip6tables(8), arptables(8),
and ebtables(8).

       You should use the xtables-nft tools exactly the same way as
you would use the corresponding original tools.

`

--
Regards,
Yevgeny

Dette indlæg hører under følgende tråd:
	Det komplette tråd-træ sorteret efter dato

	Yevgeny Kosarzhevsky den

Donate to Dyne.org