Package: nftables
Version: 0.9.8-3.1
Severity: wishlist
I propose adding "Recommends: netbase" to nftables.
This is mainly a hint to someone debugging why their ruleset
works on "normal" systems but not "embedded" systems :-)
Rationale follows.
"netbase" provides /etc/services (et al).
iptables depends on netbase, but nftables doesn't.
In nftables 0.9.0 and earlier, nftables has a compiled-in internal services
database.
In nftables 0.9.1 and later, it uses /etc/services (via libc nss, I think).
It is entirely possible to use nftables without netbase, but
it can cause some unexpected behaviour:
root@main:~# nft -c 'table filter {chain INPUT {tcp dport ssh;};}'
root@main:~# dpkg -P netbase
(Reading database ... 11064 files and directories currently installed.)
Removing netbase (6.3) ...
Purging configuration files for netbase (6.3) ...
root@main:~# nft -c 'table filter {chain INPUT {tcp dport ssh;};}'
Error: Could not resolve service: Servname not supported for ai_socktype
table filter {chain INPUT {tcp dport ssh;};}
^^^
netbase is a quite small dependency, and its Priority: important means it is
USUALLY already installed.
-- System Information:
Debian Release: 11.0
APT prefers stable-updates
APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990,
'stable'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
