On Mon, Jul 20, 2020 at 09:46:21AM +0100, fraser kendall wrote:
> I have upgraded several machines to Beowulf over the last few months.
> It has only once been problematic, but that was probably due to student
> error. However, there is an ongoing issue with the upgrade to
> iptables-nft so before starting the upgrade I opened a separate
> terminal and issued # watch iptables -L. I expected to see the existing
> tables overwritten with the default (ACCEPT everything and anything)
> and was ready to issue a prompt # iptables-restore < /existing/rule/set
>
> However, what I was not prepared for was to see that, during the
> download process and before the upgraded iptables package was
> installed, the 'watching' terminal suddenly report that the iptables
> command couldn't be found. It was over 5 minutes before the watching
> terminal reported the expected 'upgraded' ruleset. I have two
> questions.
>
> 1) Does this mean that during the upgrade process to Beowulf, there is
> a minutes-long window during which the machine has no firewall at all?
>
> 2) Is this sufficiently alarming as to constitute a bug?
And did iptables work after the whole upgrade was finished?
Did it still work as you intended?
-- hendrik
>
> Best wishes
>
> fraser
>
>
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng