Re: Fedora 32 System-Wide Change proposal: iptables-nft-default

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, 2021-10-20 at 18:39 +0200, Brian (bex) Exelbierd wrote:
> Resurrecting this old thread.
> 
> On Thu, Jan 16, 2020 at 1:09 PM Phil Sutter <psutter@xxxxxxxxxx> wrote:
> 
> > Hi Neal,
> > 
> > On Thu, Jan 09, 2020 at 06:44:22AM -0500, Neal Gompa wrote:
> > > On Thu, Jan 9, 2020 at 5:15 AM Phil Sutter <psutter@xxxxxxxxxx> wrote:
> > [...]
> > > > Yes, firewalld depends on 'iptables'. My big question is how to make
> > > > that dependency prefer iptables-nft (assuming it 'Provides: iptables').
> > > > 
> > > 
> > > Requires: iptables
> > > Suggests: iptables-nft
> > 
> > Ah, cool. Adding the Suggests: line to firewalld didn't come to mind. In
> > order to gain a bit of confidence, I played with dnf: If legacy iptables
> > and ebtables are installed, installing firewalld doesn't pull
> > iptables-nft. If OTOH none of arp-, eb- or iptables* is installed,
> > installing firewalld pulls in iptables-nft as a dependency. Sounds like
> > just what I wanted to achieve!
> > 
> 
> AIUI, we made the change to use iptables-nft as the default with F32.  We
> also decided that existing iptables-legacy users shouldn't be moved to
> iptables-nft during an upgrade.
> 
> However, I think that new installations are still defaulting to
> iptables-legacy.  The group "Common NetworkManager Submodules" pulls in
> `iptables` which seems to pull in iptables-legacy by default.
> 
> This feels like an oversight and should be fixed.  Is this correct?

I agree we should probably change that, but I'm not sure it's so
straightforward...I just ran an F35 install (Workstation package set
installed from Server netinst, as it happens) and it got iptables-nft,
not iptables-legacy. I'll have a look at a live instance later.
-- 
Adam Williamson
Fedora QA
IRC: adamw | Twitter: adamw_ha
https://www.happyassassin.net

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux