On 12.08.19 at 13:50, Arturo Borrero Gonzalez wrote:
> On 8/12/19 1:26 PM, Michael Biebl wrote:
>> src/shared/firewall-util.* uses libiptc (which in turn uses iptables)
>>
>> ttbomk, mixing nftables and iptables is supported, otherwise we'd have
>> huge problems in buster (e.g. firewalld was explicitly switched back to
>> use iptables as quite a few components are not yet nft ready, like
>> libvirt and other container managers like docker).
>> That said, I've CCed Arturo, maybe he can chime in here.
>>
>> To me this sounds more like a wishlist bug to get systemd ported from
>> libiptc to libnftables and that should be filed and addressed upstream.
>>
>> Michael
>>
>
> Mixing nftables and iptables-legacy is not a good idea in general, unless one
> knows exactly what is happening. For certain complex setups, it should be
> avoided.
>
> That being said, most of the stuff should work just fine using iptables-nft.
> Beware that you would need very recent iptables-nft and kernels (some bugs
> happened..).
>
> Ideally systemd would use nftables natively, but it should work just fine using
> iptables-nft as well. Moreover, libiptc was never intended to be a public
> library. So this sounds like an excellent time to migrate to a proper public
> API.
>

Is libnftables a proper public API, i.e. supposed to be used by 3rd party applications?
