Re: Fedora 32 System-Wide Change proposal: iptables-nft-default

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Resurrecting this old thread.

On Thu, Jan 16, 2020 at 1:09 PM Phil Sutter <psutter@xxxxxxxxxx> wrote:
Hi Neal,

On Thu, Jan 09, 2020 at 06:44:22AM -0500, Neal Gompa wrote:
> On Thu, Jan 9, 2020 at 5:15 AM Phil Sutter <psutter@xxxxxxxxxx> wrote:
[...]
> > Yes, firewalld depends on 'iptables'. My big question is how to make
> > that dependency prefer iptables-nft (assuming it 'Provides: iptables').
> >
>
> Requires: iptables
> Suggests: iptables-nft

Ah, cool. Adding the Suggests: line to firewalld didn't come to mind. In
order to gain a bit of confidence, I played with dnf: If legacy iptables
and ebtables are installed, installing firewalld doesn't pull
iptables-nft. If OTOH none of arp-, eb- or iptables* is installed,
installing firewalld pulls in iptables-nft as a dependency. Sounds like
just what I wanted to achieve!

AIUI, we made the change to use iptables-nft as the default with F32.  We also decided that existing iptables-legacy users shouldn't be moved to iptables-nft during an upgrade.

However, I think that new installations are still defaulting to iptables-legacy.  The group "Common NetworkManager Submodules" pulls in `iptables` which seems to pull in iptables-legacy by default.

This feels like an oversight and should be fixed.  Is this correct?

regards,

bex 

 

Thanks, Phil
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx


--
Did this email arrive after work for you?  Stop reading it and enjoy some work/life balance.

Brian "bex" Exelbierd (he/him/his)
Community Business Owner, RHEL Product Management
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux