... darkrealms ...

Forums before death by AOL, social media and spammers... "We can't have nice things"

linux.debian.kernel

Debian kernel discussions

2,884 messages

[ << oldest | < older | list | newer > | newest >> ]

Message 2,213 of 2,884

Andrea Bolognani to Bastian Blank

Re: MBF: Removal of iptables-legacy

07 Jan 26 02:50:01

   XPost: linux.debian.devel   
   From: eof@kiyuko.org   
      
   On Sun, Nov 23, 2025 at 10:57:39AM +0100, Bastian Blank wrote:   
   > Hi   
   >    
   > The Debian Kernel team decided to deprecate and remove support for the   
   > legacy interfaces used by iptables, arptables and ebtables from the   
   > kernel.  The replacement nftables compatibility layer was introduced   
   > around 2016.  It is finally time to try and get rid of the legacy   
   > interfaces, which are now disabled by default in the kernel.   
   >    
   > Our plan is to drop usage in all packages and the binaries for forky.   
   > We will then go and remove the kernel support itself after the release   
   > of forky.  So in forky, using legacy iptables will still work, but   
   > Debian will not provide any support and consider it deprecated.   
   >    
   > There are some packages that hardcode the use of iptables-legacy.  In   
   > those cases just using the non-legacy counterparts should work.  It just   
   > needs a reboot to get rid of the old incompatible rules loaded into the   
   > kernel.   
      
   Bit late to the party, sorry.   
      
   Can you please confirm that it's only iptables-legacy (and the   
   underlying kernel code) going away, and that iptables-nft will keep   
   working going forward?   
      
   libvirt tried to switch to nft a year ago but unfortunately that   
   turned out to be unfeasible at the time, so we are currently relying   
   on the compatibility interface provided by iptables-nft. Additional   
   details in #1090355.   
      
   Thanks!   
      
   --    
   Andrea Bolognani    
   Resistance is futile, you will be garbage collected.   
      
   -----BEGIN PGP SIGNATURE-----   
      
   iQIzBAABCgAdFiEEO48t9niVypx3EjLf954fxUKFg6wFAmlduY8ACgkQ954fxUKF   
   g6xzow/9Hs59PlNngvqv3NuCGa6xGb4vmSVrM+5zpxzz8bfDZ+VeDaiBlIvoZnmi   
   YdtaIZtASRyChkNlRwQ9FXuNJm3bQXt+BFQ22PraFsN06DQdyXy6E7G203bTD8wA   
   MCGOHlp87NVj14VxfEmW7MwsJNNdCvJhIPi/h3k4ATX5X4G8K447l+/89R8TIEDN   
   k9ppxOX4M18nS0WBoiBMZBIAfdM5p+p6/cPA+lt1fPZGXaArre5sRv5C34flZ0oK   
   iGatDa6uMxK3DLdrJE36Xw1qPrbsmDQHSaTmJnTKd9IFHoJPQoFFsuGzoMP9mV2L   
   sWcJcCsnXPn8ddIU+f+stNC7pRj2dwV8vlcwGyzdKRPfr9e3opn5JJ1w9TDjZXmn   
   +2+NPoADkThUAcrdPXzIDochFZPjW6kvnxYtX9NBTX0M1GxiC/w+tOIfBccuPgvT   
   ne5Rz3+jDpkEDmArA5twlStSXZjhGjEqSMQG3DQ/cxouKvl4YkzHeTRAOIiHlaPD   
   hZ7/gPXtHXTAjLYINoNsrcS4vytlHI2UVNicP+5VE2xCIG9rbnlCiDHETCQkPiJ7   
   AFUHvy30WA342s03GyB1LjfDECYtbABUi5N+cijFAA8KNXuc7hlYQDe24SD0J+Sn   
   1VEZz5gBZCGQ1MMQ4Aqkn7BPOWo8Chb3aF8dnyZ8NkIUXPF6/4w=   
   =xG9v   
   -----END PGP SIGNATURE-----   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)

[ << oldest | < older | list | newer > | newest >> ]