Re: Stretch => Buster: iptables

To: debian-user@lists.debian.org
Subject: Re: Stretch => Buster: iptables
From: Jesper Dybdal <jd-debian-user@dybdal.dk>
Date: Fri, 6 Nov 2020 10:42:15 +0100
Message-id: <[🔎] 0b0173cf-bb2d-032b-f317-8924217f5213@dybdal.dk>
In-reply-to: <2e60c9a3-6ce1-0b68-d65f-37362ade22e3@dybdal.dk>
References: <2e60c9a3-6ce1-0b68-d65f-37362ade22e3@dybdal.dk>

On 2020-10-16 12:25, I wrote:

I have a lot of iptables rules.
Is it correctly understood that the upgrade to Buster willautomatically install iptables-nft, and that iptablés-nft providescomplete and compatible support for the functionality of the oldiptables command, so I can expect my iptables scripts to just work?

I have now upgraded the first of my Stretch machines, and iptables-nftworks, but does not support everything.


I can recommend studying
https://wiki.nftables.org/wiki-nftables/index.php/Supported_features_compared_to_xtables
before upgrading to Buster if the system has non-trivial iptables usage.

In my case, I was using the following that is not supported by iptables-nft:
* The "recent" module.  But I can do without that.
* The "tos" module.  But I can do without that.

* The CT target, to add the ftp helper. I fixed that by adding a bit ofnative nft with the nft command after all the iptables(-nft) commands.


--
Jesper Dybdal
https://www.dybdal.dk

Reply to:

Follow-Ups:
- Re: Stretch => Buster: iptables
  - From: Sven Hartge <sven@svenhartge.de>

Prev by Date: Re: Feasibility of speech recognition for note taking on dedicated laptop?
Next by Date: Re: Feasibility of speech recognition for note taking on dedicated laptop?
Previous by thread: Re: Instructions for command line usage of WiFi.
Next by thread: Re: Stretch => Buster: iptables
Index(es):
- Date
- Thread