Bug#1031347: nftables: Possibly missing iptables alternatives provider

Zhian Chen

Feb 15, 2023, 7:40:05 AM
Package: nftables
Version: 1.0.6-2
Severity: normal
X-Debbugs-Cc: moone...@gmail.com

Dear Maintainer,

When I use proxy software which needs iptables to work, I notice that
Debian has decided to use nftables as its default firewalling framework,
and Debian Wiki (https://wiki.debian.org/nftables, which I think is
somewhat outdated) points out that nftables is the backend when using
iptables and lists switching methods (which are unusable when I only
have nftables installed).

I find the proxy software which directly embeds the 'iptables' command can't
launch normally; the 'iptables' command does not actually exist, although
/sbin/nft is usable.

I think this situation is abnormal. What I originally thought is that
nftables provides iptables alternatives in /etc/alternatives,
registering automatically when the `iptables` package is not installed (a
similar Debian case is neovim and vim), so that programs can use iptables in
shell commands.

I'm not sure if I am right. I also notice that *-legacy and *-nft tools
are both included in Debian iptables package, and iptables provides an
iptables alternative rule. nftables just has /sbin/nft.


-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-4-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=zh_CN.UTF-8, LC_CTYPE=zh_CN.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages nftables depends on:
ii libc6 2.36-8
ii libedit2 3.1-20221030-2
ii libnftables1 1.0.6-2

Versions of packages nftables recommends:
ii netbase 6.4

Versions of packages nftables suggests:
pn firewalld <none>

-- no debconf information

MoonExiler

Feb 15, 2023, 8:10:04 AM
The exact iptables command is in the format `iptables -w 2 -t nat -N TP_OUT sh`, and it seems nftables has a different command form. I installed iptables and everything works well, but I still wonder what the `iptables` package's status is now, as it is announced to be replaced by nftables. For now I think it's the proxy software's duty to solve this problem.

MoonExiler

Feb 15, 2023, 9:10:07 AM
Sorry for the frequent disturbance.

I realize that the iptables package has iptables-nft and nftlibs to work normally, and nftables is a dependency recommended to install with iptables. So my problem is solved: in my case, I need to install the *iptables package* and use *iptables-nft* from this package.

This bug is not actually related to the *nftables package*. I want to say sorry again. I want to express my sincere appreciation for your hard work.

Zhian Chen (galiren)
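
The resolution reached in this thread can be checked on a host before starting software that shells out to `iptables`. The following is an added example, not part of the original messages: the function names are hypothetical, and the version strings in the comments are constructed samples of the suffix that iptables 1.8.x prints.

```shell
#!/bin/sh
# Added example: report whether an `iptables` command exists and which
# backend (nf_tables or legacy xtables) it drives.

# Classify one line of `iptables --version` output.
# Constructed samples: "iptables v1.8.9 (nf_tables)", "iptables v1.8.9 (legacy)".
classify_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nft ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Preflight for a host: is `iptables` on PATH, and what does it resolve to?
iptables_preflight() {
    if ! command -v iptables >/dev/null 2>&1; then
        # The case from this thread: only the nftables package is installed,
        # so /sbin/nft exists but no iptables command does.
        echo "iptables: not found (nft present: $(command -v nft || echo no))" >&2
        echo "hint: the iptables package ships iptables-nft and iptables-legacy" >&2
        return 1
    fi
    ver=$(iptables --version 2>/dev/null) || ver=""
    echo "iptables: $(command -v iptables) backend=$(classify_backend "$ver")"
    # On Debian the command is an alternatives link; show the selected target.
    if command -v update-alternatives >/dev/null 2>&1; then
        update-alternatives --query iptables 2>/dev/null |
            sed -n 's/^Value: /alternative: /p'
    fi
}

# Run the check; a missing iptables is reported, not treated as fatal here.
iptables_preflight || true
```

A result of `backend=nft` means rules added through the `iptables` command end up in the nftables ruleset and are visible with `nft list ruleset`; `backend=legacy` means they are not, which matters when auditing what a host actually filters.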