:: Re: [DNG] my experience upgrading t…
Inizio della pagina
Delete this message
Reply to this message
Autore: Joel Roth
Data:  
To: dng
Oggetto: Re: [DNG] my experience upgrading to NFT
Thomas Groman via Dng wrote:
> I upgraded one of my larger and more complex servers from ASCII to
> Beowulf. Switching to NFT was very easy after the upgrade. Just create
> the rules, (have flush have the beginning), remove the iptables
> if-pre-up hook if you made one, copy the example init script from
> /usr/share/doc/nftables/example, set it executable, and rc-update add
> nftables default. then openrc to bring the system to the new defined
> default runlevel


I upgraded to beowulf without reading the changes and was
mystified that my self-written firewall scripts as well as
others such as ufw and arno firewall stopped working.

What was necessary to fix them was to create a link
/etc/alternatives/iptables to /usr/sbin/iptables-legacy.

Have fun (and working firewalls)


--
Joel Roth