On Thu, Nov 07, 2019 at 02:57:53PM +0000, fraser kendall wrote:
> On Thu, 7 Nov 2019 13:13:38 +0100
> Bernard Rosset via Dng <dng@???> wrote:
>
>
> > - Even though I use scripts to automatically save/restore ip(6)tables
> > rules on up/down, I ended up having my rules cleared through initial
> > reboots. No precise idea on why.
> > I suggest you always keep a manual save of them somewhere.
>
> Beowulf/Buster has moved from iptables to nftables. You can still use
> iptables* with iptables-legacy*, but you'll need to edit your scripts
> to reflect this. The option to save existing rules is part of the
> upgrade but assumes that the existing rules haven't already been
> overwritten with the default 'allow anything and everything'. I use a
> second root terminal to check the current ruleset before making the
> decision to accept; I also check that the correct ruleset has been
> applied after the first few reboots and any updates just to be sure.

Does this mean that the upgrade from ascii to beowulf is not transparent
and that I risk losing the iptables on my front-end machine when I do it?

-- hendrik