Hi Everyone,

Switching iptables to use the nftables backend already happened once before, but was reverted later because LXD and possibly other parts of the Ubuntu software ecosystem were not ready [1]. The 20.04 LTS release cycle was not an ideal time to perform the switch either, but Groovy Gorilla, the 20.10 interim release, can use nftables as the default and let us fix any surfacing issue for the next LTS release.

Debian already made the switch in Buster, thus the packages in the archive should be generally ready for the switch. Going through the packages I found only sshguard that needs to be modified, dropping the Ubuntu delta.

The switch is simply swapping the two alternative backends' priority and preferring the nftables backend over legacy, without promoting the nftables package to be recommended by the iptables package in this development cycle.

No regression showed up while testing the changes in Bileto [2], nor while performing a release-upgrade to the changed packages.

LXD has added nftables support [3], and I've tried the microk8s snap and it worked with the switched default but created legacy tables [4].

It will still be possible to change iptables/ip6tables/arptables/ebtables back to use the legacy backend [5] after the switch, but ideally software projects should already have nftables support or have a plan to implement it in the near future [6].

If you have concerns regarding the planned switch, please raise them here. The September 3 target date is after Feature Freeze and I'll formally ask for a Feature Freeze Exception.

Cheers,
Balint

[1] https://lists.ubuntu.com/archives/ubuntu-devel/2019-September/040801.html
[2] https://bileto.ubuntu.com/#/ticket/4044
[3] https://github.com/lxc/lxd/issues/6223
[4] https://github.com/ubuntu/microk8s/issues/892#issuecomment-681033084
[5] https://wiki.debian.org/nftables#Reverting_to_legacy_xtables
[6] https://wiki.nftables.org/wiki-nftables/index.php/Adoption

--
Balint Reczey
Ubuntu & Debian Developer
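
Added example, not part of the original message: a check for the situation the mail mentions with microk8s, where the default backend is nftables but some software still writes legacy tables, so the rules an administrator sees with `iptables` are not the full set in effect. The function names and the sample data are constructed for illustration; it relies on `iptables -V` reporting the backend in parentheses and on the `iptables-legacy-save` / `iptables-nft-save` tools shipped with iptables 1.8.

```shell
#!/bin/sh
# Added example: detect rules split across the legacy and nftables backends.

# backend_of "<output of iptables -V>" -> nf_tables | legacy | unknown
backend_of() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;   # e.g. iptables older than 1.8
    esac
}

# count_rules: read iptables-save format on stdin, print the number of -A rules
count_rules() {
    grep -c '^-A ' || true    # grep -c prints 0 but exits 1 when nothing matches
}

# verdict <active backend> <legacy rule count> <nft rule count>
verdict() {
    if [ "$1" = unknown ]; then echo unknown; return 0; fi
    if [ "$1" = nf_tables ] && [ "$2" -gt 0 ]; then echo mixed; return 0; fi
    if [ "$1" = legacy ] && [ "$3" -gt 0 ]; then echo mixed; return 0; fi
    echo consistent
}

# check_live: run against the real system (needs root; IPv4 tables only)
check_live() {
    active=$(backend_of "$(iptables -V)")
    legacy_rules=$(iptables-legacy-save 2>/dev/null | count_rules)
    nft_rules=$(iptables-nft-save 2>/dev/null | count_rules)
    verdict "$active" "$legacy_rules" "$nft_rules"
}

# Constructed sample: nft is the default, yet two rules sit in legacy tables.
SAMPLE_VERSION='iptables v1.8.5 (nf_tables)'
SAMPLE_LEGACY_SAVE='# constructed sample
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -s 10.1.0.0/16 -j ACCEPT
-A FORWARD -d 10.1.0.0/16 -j ACCEPT
COMMIT'

sample_verdict() {
    n=$(printf '%s\n' "$SAMPLE_LEGACY_SAVE" | count_rules)
    verdict "$(backend_of "$SAMPLE_VERSION")" "$n" 0
}

echo "sample: $(sample_verdict)"
```

On a real host, call `check_live` as root instead of `sample_verdict`; a result of `mixed` means firewall audits need to inspect both backends.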