MBF: Removal of iptables-legacy
Hi
The Debian Kernel team decided to deprecate and remove support for the
legacy interfaces used by iptables, arptables and ebtables from the
kernel. The replacement nftables compatibility layer was introduced
around 2016. It is finally time to try and get rid of the legacy
interfaces, which are now disabled by default in the kernel.
Our plan is to drop usage in all packages and the binaries for forky.
We will then go and remove the kernel support itself after the release
of forky. So in forky, using legacy iptables will still work, but
Debian will not provide any support and consider it deprecated.
There are some packages that hardcode the use of iptables-legacy. In
those cases just using the non-legacy counterparts should work. It just
needs a reboot to get rid of the old incompatible rules loaded into the
kernel.
Bastian
--
There are always alternatives.
-- Spock, "The Galileo Seven", stardate 2822.3
Adrian Vondendriesch <adrian.vondendriesch@credativ.de>
resource-agents (U)
Alberto Molina Coballes <alb.molina@gmail.com>
arptables (U)
ebtables (U)
iptables (U)
Arnaud Rebillout <arnaudr@kali.org>
docker.io (U)
Arturo Borrero Gonzalez <arturo@debian.org>
iptables (U)
Axel Beckert <abe@debian.org>
iptables-netflow
Cyril Brulebois <cyril@debamax.com>
crowdsec-firewall-bouncer (U)
Debian Edu Developers <debian-edu@lists.debian.org>
debian-edu-router
Debian Go Packaging Team <team+pkg-go@tracker.debian.org>
crowdsec-firewall-bouncer
docker.io
golang-github-containerd-stargz-snapshotter
golang-github-containernetworking-plugins
golang-gvisor-gvisor
incus
Debian HA Maintainers <debian-ha-maintainers@alioth-lists.debian.net>
resource-agents
Debian Netfilter Packaging Team <pkg-netfilter-team@lists.alioth.debian.org>
arptables
ebtables
iptables
Debian Netfilter Packaging Team <team+pkg-netfilter-team@tracker.debian.org>
arptables
iptables
Debian OpenStack <team+openstack@tracker.debian.org>
neutron
nova
openstack-cluster-installer
Dmitry Smirnov <onlyjob@debian.org>
docker.io (U)
golang-github-containernetworking-plugins (U)
Free Ekanayaka <freee@debian.org>
incus (U)
gustavo panizzo <gfa@zumbi.com.ar>
nova (U)
Gustavo Panizzo <gfa@zumbi.com.ar>
neutron (U)
Ivan Udovichenko <iudovichenko@mirantis.com>
neutron (U)
Jamie Bliss <jamie@ivyleav.es>
golang-github-containernetworking-plugins (U)
Jamie Strandboge <jdstrand@ubuntu.com>
ufw
Jeremy Sowden <azazel@debian.org>
arptables (U)
ebtables (U)
iptables (U)
Jeremy Sowden <jeremy@azazel.net>
ebtables (U)
Jerome Benoit <calculus@rezozer.net>
firehol
John Goerzen <jgoerzen@complete.org>
golang-gvisor-gvisor (U)
Laurence J. Lane <ljlane@debian.org>
iptables (U)
Mathias Gibbens <gibmat@debian.org>
incus (U)
lxc-ci (U)
Michal Arbet <michal.arbet@ultimum.io>
neutron (U)
nova (U)
Mike Gabriel <sunweaver@debian.org>
debian-edu-router (U)
uif
Nicolas Braud-Santoni <nicoo@debian.org>
golang-github-containernetworking-plugins (U)
Paul Tagliamonte <paultag@debian.org>
docker.io (U)
pkg-lxc <pkg-lxc-devel@lists.alioth.debian.org>
lxc-ci
Puppet Package Maintainers <pkg-puppet-devel@lists.alioth.debian.org>
puppet-module-puppetlabs-firewall
Reinhard Tartler <siretart@tauware.de>
docker.io (U)
golang-github-containerd-stargz-snapshotter (U)
Sebastien Badia <sbadia@debian.org>
puppet-module-puppetlabs-firewall (U)
Shengjing Zhu <zhsj@debian.org>
golang-gvisor-gvisor (U)
Stig Sandbeck Mathisen <ssm@debian.org>
puppet-module-puppetlabs-firewall (U)
strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org>
strongswan
Thomas Goirand <zigo@debian.org>
neutron (U)
nova (U)
openstack-cluster-installer (U)
Tianon Gravi <tianon@debian.org>
docker.io (U)
Tim Potter <tpot@hpe.com>
docker.io (U)
Valentin Vidic <vvidic@debian.org>
resource-agents (U)
Vincent Bernat <bernat@debian.org>
keepalived
Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
android-cuttlefish
Yves-Alexis Perez <corsac@debian.org>
strongswan (U)
Reply to: