On Thu, 7 Nov 2019 13:13:38 +0100
Bernard Rosset via Dng <dng@???> wrote:
> - Even though I use scripts to automatically save/restore ip(6)tables
> rules on up/down, I ended up having my rules cleared through initial
> reboots. No precise idea on why.
> I suggest you always keep a manual save of them somewhere.
Beowulf/Buster has moved from iptables to nftables. You can still use
iptables* with iptables-legacy*, but you'll need to edit your scripts
to reflect this. The option to save existing rules is part of the
upgrade but assumes that the existing rules haven't already been
overwritten with the default 'allow anything and everything'. I use a
second root terminal to check the current ruleset before making the
decision to accept; I also check that the correct ruleset has been
applied after the first few reboots and any updates just to be sure.
Regards
fraser