Debian 11 should use nf_tables

[HOSTEDPOWER]

We use nf_tables on Debian 11, but on every configserver update the iptables are set back to legacy.

Very strange behavior and it breaks a lot of functionality over and over.

Any fix for this?

[HOSTEDPOWER]

PS: There is a perfect compatible method of using iptables, I'm surprised configserver persists on disabling it again with every install...

https://www.danami.com/clients/knowledg ... ge=italian

[HOSTEDPOWER]

Hi


On debian 11 for example it's highly recommended to use iptables nft.

https://wiki.debian.org/iptables

There is also a bug currently in csf leaving an inconsistent state after the install:

update-alternatives --get-selections | grep tables
arptables auto /usr/sbin/arptables-nft <---
ebtables auto /usr/sbin/ebtables-nft <---
ip6tables manual /usr/sbin/ip6tables-legacy
iptables manual /usr/sbin/iptables-legacy

As you can see the ebtables and arptables keep the nft version, while the iptables not.

Furthermore why is csf insisting on enabling iptables-legacy again if it's found on the OS? It doesn't make any sense at first sight.

[HOSTEDPOWER]

Hi Guys, any feedback on this? Why can't we use the newer nf_tables?

[HOSTEDPOWER]

Unbelievable, it has happened

https://download.configserver.com/csf/changelog.txt