Skribent: Joel Roth Dato: Til: dng Emne: Re: [DNG] my experience upgrading to NFT
Thomas Groman via Dng wrote: > I upgraded one of my larger and more complex servers from ASCII to
> Beowulf. Switching to NFT was very easy after the upgrade. Just create
> the rules, (have flush have the beginning), remove the iptables
> if-pre-up hook if you made one, copy the example init script from
> /usr/share/doc/nftables/example, set it executable, and rc-update add
> nftables default. then openrc to bring the system to the new defined
> default runlevel
I upgraded to beowulf without reading the changes and was
mystified that my self-written firewall scripts as well as
others such as ufw and arno firewall stopped working.
What was necessary to fix them was to create a link
/etc/alternatives/iptables to /usr/sbin/iptables-legacy.