Back in c743e671d it was necessary to update-alternative `ebtables` to `ebtables-legacy` due to some bugs [0][1]. However, these bugs appear to be fixed now.
In Trixie, `ebtables-legacy` seems to cause an enormous amount of audit message spam in `dmesg` after upgrading from Bookworm -- about 5 long lines every ~10 seconds -- making it very tedious to find anything one actually cares about. Thus, use the -nft variants instead of the -legacy ones as the aforementioned bugs have long since been fixed and the audit log spam is silenced that way.

[0]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929527
[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929976

Signed-off-by: Max R. Carrara <m.carr...@proxmox.com>
--- debian/pve-firewall.service | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/debian/pve-firewall.service b/debian/pve-firewall.service index f95ce6d..c99db26 100644 --- a/debian/pve-firewall.service +++ b/debian/pve-firewall.service @@ -8,9 +8,9 @@ Before=shutdown.target Conflicts=shutdown.target [Service] -ExecStartPre=-/usr/bin/update-alternatives --set ebtables /usr/sbin/ebtables-legacy -ExecStartPre=-/usr/bin/update-alternatives --set iptables /usr/sbin/iptables-legacy -ExecStartPre=-/usr/bin/update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy +ExecStartPre=-/usr/bin/update-alternatives --set ebtables /usr/sbin/ebtables-nft +ExecStartPre=-/usr/bin/update-alternatives --set iptables /usr/sbin/iptables-nft +ExecStartPre=-/usr/bin/update-alternatives --set ip6tables /usr/sbin/ip6tables-nft ExecStart=/usr/sbin/pve-firewall start ExecStop=/usr/sbin/pve-firewall stop ExecReload=/usr/sbin/pve-firewall restart -- 2.39.5
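
Review bot: the three changed `ExecStartPre=` lines flip the system-wide alternatives to the -nft variants on every start, but nothing in this hunk deals with rules that an already running host still has loaded through the -legacy backend. After an upgrade without a reboot, the legacy tables stay in the kernel next to whatever `pve-firewall start` now writes through nft, so both rule sets are evaluated and the stale one is no longer visible through the default `iptables`/`ebtables` commands. Consider flushing the legacy tables once during the transition, or stating in the commit message that a reboot is required. Because the leading `-` on each `ExecStartPre=` makes a failed `update-alternatives --set` silent, the unit can also start with the previously selected backend still active; a comment in the unit noting the expected backend would make that mismatch easier to diagnose. The commit message would be stronger if it named the package versions in which [0] and [1] were fixed instead of "appear to be fixed".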