Your message dated Mon, 4 Mar 2019 14:47:58 +0100 with message-id <3e53405c-49db-2ed2-d088-9b96f1aed4dc@debian.org> and subject line Re: document iptables/nftables situation has caused the Debian Bug report #914423, regarding document iptables/nftables situation to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 914423: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914423 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: document iptables/nftables situation
- From: Arturo Borrero Gonzalez <arturo@debian.org>
- Date: Fri, 23 Nov 2018 10:19:52 +0100
- Message-id: <154296479234.3039.1913565561361841678.reportbug@endurance>
Package: release-notes Severity: normal Tags: buster Hi, I think the iptables/nftables situation for Buster worth mentioning in the release notes. We got some important changes that I will describe below: === 8< === Debian Buster uses now the nftables framework by default. Starting with iptables v1.8.2 the binary package includes iptables-nft and iptables-legacy, two variants of the iptables command line interface. The nftables-based is the default in Debian Buster and works with the nf_tables Linux kernel subsystem. The legacy one uses the x_tables Linux kernel subsystem. Users can use the update-alternatives system to select one variant or the other. This applies to all related tools and utilities: * iptables * iptables-save * iptables-restore * ip6tables * ip6tables-save * ip6tables-restore * arptables * arptables-save * arptables-restore * ebtables * ebtables-save * ebtables-restore All these gained the -nft and -legacy variants as well. The -nft option is for users that don't want -or can't- migrate to the native nftables command line interface. However users are really enouraged to switch to nftables rather than using the old iptables interface. nftables provides a full replacement for iptables, with much better performance, a refreshed syntax, better support for IPv4/IPv6 dual-stack firewalls, full atomic operations for dynamic ruleset updates, a Netlink API for third party applications, faster packet classification through enhanced generic set and map infrastructures, and many other improvements [0]. This movement is in line with what other major Linux distributions are doing, like the RedHat, that now uses nftables as default firewalling tool [1]. Also, please note that all iptables binaries are now installed in /usr/sbin instead of /sbin. A compatibility symlink is in place, but will be dropped after the Buster release cycle. Please, don't use hardcoded binary paths in your scripts or update them manually for the new location. Extensive documentation are available in package's README and NEWS files, and also online [2]. [0] https://wiki.nftables.org [1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8-beta/html-single/8.0_beta_release_notes/index#networking_2 [2] https://wiki.debian.org/nftables === 8< ===
--- End Message ---
--- Begin Message ---
- To: 914423-done@bugs.debian.org
- Subject: Re: document iptables/nftables situation
- From: Paul Gevers <elbrus@debian.org>
- Date: Mon, 4 Mar 2019 14:47:58 +0100
- Message-id: <3e53405c-49db-2ed2-d088-9b96f1aed4dc@debian.org>
- In-reply-to: <154296479234.3039.1913565561361841678.reportbug@endurance>
- References: <154296479234.3039.1913565561361841678.reportbug@endurance> <154296479234.3039.1913565561361841678.reportbug@endurance>
Hi Arturo, On Fri, 23 Nov 2018 10:19:52 +0100 Arturo Borrero Gonzalez <arturo@debian.org> wrote: > I think the iptables/nftables situation for Buster worth mentioning in the release > notes. We got some important changes that I will describe below: Committed. https://salsa.debian.org/ddp-team/release-notes/commit/8cc130d Thanks for your contribution. PaulAttachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---