On Thu, Nov 07, 2019 at 02:57:53PM +0000, fraser kendall wrote: > On Thu, 7 Nov 2019 13:13:38 +0100 > Bernard Rosset via Dng <dng@lists.dyne.org> wrote: > > > > - Even though I use scripts to automatically save/restore ip(6)tables > > rules on up/down, I ended up having my rules cleared through initial > > reboots. No precise idea on why. > > I suggest you always keep a manual save of them somewhere. > > Beowulf/Buster has moved from iptables to nftables. You can still use > iptables* with iptables-legacy*, but you'll need to edit your scripts > to reflect this. The option to save existing rules is part of the > upgrade but assumes that the existing rules haven't already been > overwritten with the default 'allow anything and everything'. I use a > second root terminal to check the current ruleset before making the > decision to accept; I also check that the correct ruleset has been > applied after the first few reboots and any updates just to be sure.
Does this mean that the upgrade from ascii to beowulf is not transparent and that I risk losing the iptables on my front-end machine when I do it? -- hendrik _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
