Hi,

On Mon, Jun 22, 2020 at 04:11:06PM +0200, Reindl Harald wrote:
> On 22.06.20 at 16:04, Phil Sutter wrote:
> >> i gave it one try and used "iptables-nft-restore" and "ip6tables-nft",
> >> after reboot nothing worked at all
> >
> > Not good. Did you find out *why* nothing worked anymore? Would you maybe
> > care to share your script and ruleset with us?
>
> i could share it offlist, it's a bunch of stuff including a management
> interface written in bash and is designed for a /24 1:1 NETMAP

Yes, please share off-list. I'll see if I can reproduce the problem.

> basically it already has a config-switch to enforce iptables-nft
>
> FILE                    TOTAL  STRIPPED  SIZE
> tui.sh                  1653   1413      80K
> firewall.sh             984    738       57K
> shared.inc.sh           578    407       28K
> custom.inc.sh           355    112       13K
> config.inc.sh           193    113       6.2K
> update-blocked-feed.sh  68     32        4.1K

Let's hope I don't have to read all of that. /o\

[...]
> >> please don't consider to drop iptables-legacy, it just works and i miss
> >> a compelling argument to rework thousands of hours
> >
> > I'm not the one to make that call, but IMHO the plan is for
> > iptables-legacy to become irrelevant *before* it is dropped from
> > upstream repositories. So as long as you are still using it (and you're
> > not an irrelevant minority ;) nothing's at harm.
>
> well, my machines are dating back to 2008 and i don't plan to re-install
> them and given that i am just 42 years old now :-)

You're sending emails, so you're alive and kicking! There's absolutely no
reason your systems shouldn't be. After all, where's the fun of keeping a
box up to date if it's not for the casual technology migration (and the
sleepless night to fix the bugs)? :)

Cheers, Phil