Re: Stretch => Buster: iptables

2020-11-06 Thread Jesper Dybdal
On 2020-11-06 11:43, Sven Hartge wrote: Jesper Dybdal wrote: * The CT target, to add the ftp helper.  I fixed that by adding a bit of native nft with the nft command after all the iptables(-nft) commands. For the sake of the archive and people looking at this thread hoping for some insight, pl

Re: Stretch => Buster: iptables

2020-11-06 Thread Sven Hartge
Jesper Dybdal wrote: > * The CT target, to add the ftp helper.  I fixed that by adding a bit of > native nft with the nft command after all the iptables(-nft) commands. For the sake of the archive and people looking at this thread hoping for some insight, please post your native nft rules you c

Re: Stretch => Buster: iptables

2020-11-06 Thread Jesper Dybdal
On 2020-10-16 12:25, I wrote: I have a lot of iptables rules. Is it correctly understood that the upgrade to Buster will automatically install iptables-nft, and that iptablés-nft provides complete and compatible support for the functionality of the old iptables command, so I can expect my ipt

Re: Stretch => Buster: iptables

2020-10-16 Thread Pierre-Elliott Bécue
Le vendredi 16 octobre 2020 à 14:12:55+0200, Jesper Dybdal a écrit : > > On 2020-10-16 12:35, Reco wrote: > > Barring some kernel bugs - yes. > > For instance, I've seen kernel panics because of simple: > > > > iptables -A INPUT -m conntrack --ctstate INVALID -j DROP > > Aargh!   I had not reali

Re: Stretch => Buster: iptables

2020-10-16 Thread Jesper Dybdal
On 2020-10-16 12:35, Reco wrote: Barring some kernel bugs - yes. For instance, I've seen kernel panics because of simple: iptables -A INPUT -m conntrack --ctstate INVALID -j DROP Aargh!   I had not realized that I would have to be prepared for kernel panics during the upgrade, so I really a

Re: Stretch => Buster: iptables

2020-10-16 Thread Reco
Hi. On Fri, Oct 16, 2020 at 12:25:23PM +0200, Jesper Dybdal wrote: > I have a lot of iptables rules. > > Is it correctly understood that the upgrade to Buster will automatically > install iptables-nft, and that iptablés-nft provides complete and compatible > support > for the functional

Stretch => Buster: iptables

2020-10-16 Thread Jesper Dybdal
I have a lot of iptables rules. Is it correctly understood that the upgrade to Buster will automatically install iptables-nft, and that iptablés-nft provides complete and compatible support for the functionality of the old iptables command, so I can expect my iptables scripts to just work? (