On Tue, Apr 30, 2024 at 01:44:16PM -0400, Laine Stump wrote: > This makes it possible to uninstall iptables, as long as nftables is > installed. > > Signed-off-by: Laine Stump <laine@xxxxxxxxxx> > --- > libvirt.spec.in | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> > diff --git a/libvirt.spec.in b/libvirt.spec.in > index 05f7a7e7c0..55f32172b3 100644 > --- a/libvirt.spec.in > +++ b/libvirt.spec.in > @@ -592,7 +592,7 @@ Summary: Network driver plugin for the libvirtd daemon > Requires: libvirt-daemon-common = %{version}-%{release} > Requires: libvirt-libs = %{version}-%{release} > Requires: dnsmasq >= 2.41 > -Requires: iptables > +Requires: (iptables or nftables) I know I suggested this last time, but looking again I wonder if we ought to be more opinionated. While from a technical POV we can use either, both RHEL and Fedora default to nftables for quite a while now. IOW, shoudl we do %if 0%{?rhel} >= 10 || 0%{?fedora} >= 41 Requires: nftables %else Requires: iptbles %endif users still get to choose to use either nftbles or iptables but we force install of the package we consider to be the default. This would reduce chances of a user making a mistake only having iptables installed, at the time they instal libvirt, when they would really be quite happy with the default of nftables. The only downside is that non-default deployments would have both nftables & iptables RPMs present, but that feels harmless given the size of the packages is tiny. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| _______________________________________________ Devel mailing list -- devel@xxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxx