On 8/12/19 1:26 PM, Michael Biebl wrote:
> src/shared/firewall-util.* uses libiptc (which in turn uses iptables)
>
> ttbomk, mixing nftables and iptables is supported, otherwise we'd have
> huge problems in buster (e.g. firewalld was explicitly switched back to
> use iptables as quite a few components are not yet nft ready, like
> libvirt and other container managers like docker).
> That said, I've CCed Arturo, maybe he can chime in here.
>
>
> To me this sounds more like a wishlist bug to get systemd ported from
> libiptc to libnftables and that should be filed and addressed upstream.
>
> Michael
>

Mixing nftables and iptables-legacy is not a good idea in general, unless one knows exactly what is happening. For certain complex setups, it should be avoided.

That being said, most of the stuff should work just fine using iptables-nft. Beware that you would need very recent iptables-nft and kernels (some bugs happened..).

Ideally systemd would use nftables natively, but it should work just fine using iptables-nft as well.

Moreover, libiptc was never intended to be a public library. So this sounds like an excellent time to migrate to a proper public API.

_______________________________________________
Pkg-systemd-maintainers mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
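
A way to check a host for the mixed iptables-legacy/nftables state discussed in this thread, as an added example that is not part of the original mails or of systemd. The function names are hypothetical; it assumes iptables 1.8 or later (whose `iptables -V` output names the backend) and root access to read `/proc/net/ip_tables_names`.

```shell
#!/bin/sh
# Added example: classify a host as legacy-only, nft-only, mixed or empty.

# Classify the backend from the text printed by `iptables -V`;
# iptables 1.8+ appends "(legacy)" or "(nf_tables)" to the version.
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nft ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Count legacy (x_tables) IPv4 tables registered in the kernel, one name
# per line in the given file. A table is listed once anything has touched
# it, even if it holds no rules, so a non-zero count is a hint to inspect.
# Prints 0 when the file is missing or unreadable (it is root-only).
legacy_table_count() {
    file=${1:-/proc/net/ip_tables_names}
    [ -r "$file" ] || { echo 0; return 0; }
    grep -c . "$file" || true
}

# Verdict from: backend of the `iptables` command, legacy table count,
# and the text printed by `nft list ruleset` (empty when no nft tables).
assess() {
    backend=$1 legacy_tables=$2 nft_ruleset=$3
    if [ "$legacy_tables" -gt 0 ] &&
       { [ "$backend" = nft ] || [ -n "$nft_ruleset" ]; }; then
        echo mixed
    elif [ "$legacy_tables" -gt 0 ]; then
        echo legacy-only
    elif [ -n "$nft_ruleset" ]; then
        echo nft-only
    else
        echo empty
    fi
}

# Gather the three facts from the live system (run as root).
report() {
    v=$(iptables -V 2>/dev/null || true)
    r=$(nft list ruleset 2>/dev/null || true)
    assess "$(iptables_backend "$v")" "$(legacy_table_count)" "$r"
}

if [ "${1:-}" = "--report" ]; then report; fi
```

A `mixed` verdict means legacy tables are registered while the `iptables` command or another tool writes to nftables, which is the situation the reply advises against for complex setups.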
