Re: MBF: Removal of iptables-legacy

To: debian-devel@lists.debian.org, debian-kernel@lists.debian.org
Subject: Re: MBF: Removal of iptables-legacy
From: Colin Watson <cjwatson@debian.org>
Date: Mon, 24 Nov 2025 14:13:28 +0000
Message-id: <[🔎] aSRoCMFYrSFXP1JL@riva.ucam.org>
Mail-followup-to: debian-devel@lists.debian.org, debian-kernel@lists.debian.org
In-reply-to: <[🔎] 20251123162509.mlyfuvv74o7qw3g2@shell.thinkmo.de>
References: <[🔎] 20251123095739.5pojnggqt47xr5bv@shell.thinkmo.de> <[🔎] aSMkW7W08Ii7KowG@riva.ucam.org> <[🔎] 20251123162509.mlyfuvv74o7qw3g2@shell.thinkmo.de>

On Sun, Nov 23, 2025 at 05:25:09PM +0100, Bastian Blank wrote:

On Sun, Nov 23, 2025 at 03:12:27PM +0000, Colin Watson wrote:

I wonder how many of these are conditional code in packages that also
support nft?  For example, incus caught my eye in your list: it has both
xtables and nftables drivers, and it prefers nftables if it's available.  It
doesn't look as though anything would need to change in that package to cope
with a kernel without iptables support.


The source check matched this reference to the legacy stuff:

| test/suites/container_devices_nic_bridged_filtering.sh:            echo "==> SKIP: ebtables must be legacy version (try update-alternatives --set ebtables /usr/sbin/ebtables-legacy)"

That code is within a [ "$firewallDriver" = "xtables" ] check, whichwill be false on a modern system.


--
Colin Watson (he/him)                              [cjwatson@debian.org]

Reply to:

References:
- MBF: Removal of iptables-legacy
  - From: Bastian Blank <waldi@debian.org>
- Re: MBF: Removal of iptables-legacy
  - From: Colin Watson <cjwatson@debian.org>
- Re: MBF: Removal of iptables-legacy
  - From: Bastian Blank <waldi@debian.org>

Prev by Date: Stack size limit
Next by Date: Re: MBF: Removal of iptables-legacy
Previous by thread: Re: MBF: Removal of iptables-legacy
Next by thread: Re: MBF: Removal of iptables-legacy
Index(es):
- Date
- Thread