XPost: linux.debian.devel   
   From: tianon@debian.org   
      
   On Sun, 23 Nov 2025 at 02:15, Bastian Blank  wrote:   
   > The Debian Kernel team decided to deprecate and remove support for the   
   > legacy interfaces used by iptables, arptables and ebtables from the   
   > kernel.  The replacement nftables compatibility layer was introduced   
   > around 2016.  It is finally time to try and get rid of the legacy   
   > interfaces, which are now disabled by default in the kernel.   
   >   
   > Our plan is to drop usage in all packages and the binaries for forky.   
   > We will then go and remove the kernel support itself after the release   
   > of forky.  So in forky, using legacy iptables will still work, but   
   > Debian will not provide any support and consider it deprecated.   
   >   
   > There are some packages that hardcode the use of iptables-legacy.  In   
   > those cases just using the non-legacy counterparts should work.  It just   
   > needs a reboot to get rid of the old incompatible rules loaded into the   
   > kernel.   
      
   Thanks for the src:docker.io heads-up!  However, I think this is a   
   false positive:   
      
   https://codesearch.debian.net/search?q=iptables-legacy+pkg%3Adoc   
   er.io&literal=1   
      
   (only 4 hits, two of which are Dockerfiles that aren't used in the   
   package build at all, nor shipped in the builds, and two in the   
   d/changelog -- even less hits for "ip6tables-legacy" and zero for   
   "ebtables-legacy")   
      
   ♥,   
   - Tianon   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)