On 8/3/20 10:53 AM, Marjorie Roome via Dng wrote:
> On Fri, 2020-07-31 at 18:44 -0700, Thomas Groman via Dng wrote:
>> I upgraded one of my larger and more complex servers from ASCII to
>> Beowulf. Switching to NFT was very easy after the upgrade. Just
>> create the rules, (have flush have the beginning), remove the
>> iptables if-pre-up hook if you made one, copy the example init script
>> from /usr/share/doc/nftables/example, set it executable, and
>> rc-update add nftables default. then openrc to bring the system to the
>> new defined default runlevel
>>
> While it clearly worked for you with openrc it is broken on sysvinit as
> the example /usr/share/doc/nftables/examples/sysvinit/nftables.init has
> this:
>
> # Default-Start:
> # Default-Stop: 0 1 2 3 4 5 6
>
> in the LSB header, not the required:
>
> # Default-Start: S
> # Default-Stop: 0 1 6
>
> On 2020-08-02 17:00, Hendrik Boom wrote:
>> What is NFT?
>>
> It stands for Net Filter Tables. It handles more than iptables (also
> ip6tables, arptables and ebtables) and it's been developed by the Net
> Filter team, hence the name. The binary is also nft.
>
> It is obviously coming in very slowly (it's been around for at least 5
> years). And users are still translating it back to iptables syntax
> using iptables-legacy.
>
> Beowulf still installs with iptables. Buster uses nftables.
>
> Firewalld can use nftables as a backend. UFW can't.
>
> --
> Marjorie
>
Hi,

did you try update-alternatives to set iptables to iptables-legacy behaviour?
Arno-iptables-firewall and xtables-addons-dkms from testing work for me that way.

Ciao,
Tito
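
The LSB header difference pointed out in the quoted message can be checked mechanically. The following is an added example, not part of the original thread: it reads `Default-Start` from an init script's LSB header and flags an empty value, which means the firewall service is not started in any runlevel. The two sample headers are constructed from the lines quoted above, and the function names `lsb_field` and `starts_at_boot` are hypothetical.

```shell
#!/bin/sh
# Print the value of one LSB header field (e.g. Default-Start) from an init
# script, looking only between the BEGIN/END INIT INFO markers.
lsb_field() {
    # $1 = init script path, $2 = field name
    awk -v key="$2" '
        /^### BEGIN INIT INFO/ { inblk = 1; next }
        /^### END INIT INFO/   { inblk = 0 }
        inblk && index($0, "# " key ":") == 1 {
            val = substr($0, length(key) + 4)      # text after "# key:"
            gsub(/^[ \t]+|[ \t]+$/, "", val)       # trim whitespace
            print val
            exit
        }
    ' "$1"
}

# Return 0 if the script lists at least one start runlevel, 1 otherwise.
starts_at_boot() {
    start=$(lsb_field "$1" "Default-Start")
    if [ -z "$start" ]; then
        echo "$1: Default-Start is empty, service is not started in any runlevel" >&2
        return 1
    fi
    echo "$1: Default-Start: $start"
}

# Constructed sample headers, built from the two variants quoted in the thread.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/as_shipped" <<'EOF'
### BEGIN INIT INFO
# Default-Start:
# Default-Stop:      0 1 2 3 4 5 6
### END INIT INFO
EOF
cat > "$SAMPLES/corrected" <<'EOF'
### BEGIN INIT INFO
# Default-Start:     S
# Default-Stop:      0 1 6
### END INIT INFO
EOF

for f in "$SAMPLES"/*; do
    starts_at_boot "$f" || true
done
```

To check an installed script, call `starts_at_boot` with its path, for example the copy placed under `/etc/init.d`.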