>>>>> "HB" == Hendrik Boom <hend...@topoi.pooq.com> writes:
HB> Does this mean that the upgrade from ascii to beowulf is not transparent
HB> and that I risk losing the iptables on my front-end machine when I do it?
Save the tables with iptables-save and ip6tables-save before upgrading
and try restoring them with iptables-restore and ip6tables-restore after
upgrading.
Or, save before and then, after the upgrade, run:
########################################
#!/bin/sh
update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
update-alternatives --set arptables /usr/sbin/arptables-legacy
update-alternatives --set ebtables /usr/sbin/ebtables-legacy
########################################
and then restore them with iptables-restore and ip6tables-restore.
If you do not have arptables and ebtables installed, those two
lines will report errors, but it won't hurt anything.
After the upgrade, /usr/sbin/iptables will be a symlink to
/etc/alternatives/iptables. After the update-alternatives calls,
/etc/alternatives/iptables will be a symlink to
/usr/sbin/iptables-legacy, so you won't then have to edit any callers.
Symlinks exist like that also for ip6tables, each's -save and -restore
as well as {arp,eb}tables.
Displaimer: not my work; someone posted the u-a calls on debian-devel
a few weeks ago.
I use it on some kvm and openvz which do not work well with nftables or
the nftable-using iptables. They got filtering working again for me.
-JimC
--
James Cloos <cl...@jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
