Debian 11 should use nf_tables

Post Reply
HOSTEDPOWER
Junior Member
Posts: 8
Joined: 26 Mar 2018, 21:59

Debian 11 should use nf_tables

Post by HOSTEDPOWER »

We use nf_tables on Debian 11, but on every configserver update the iptables are set back to legacy.

Very strange behavior and it breaks a lot of functionality over and over.

Any fix for this?
HOSTEDPOWER
Junior Member
Posts: 8
Joined: 26 Mar 2018, 21:59

Re: Debian 11 should use nf_tables

Post by HOSTEDPOWER »

PS: There is a perfect compatible method of using iptables, I'm surprised configserver persists on disabling it again with every install...

https://www.danami.com/clients/knowledg ... ge=italian
HOSTEDPOWER
Junior Member
Posts: 8
Joined: 26 Mar 2018, 21:59

Inconsistent switch back to iptables-legacy

Post by HOSTEDPOWER »

Hi


On debian 11 for example it's highly recommended to use iptables nft.

https://wiki.debian.org/iptables

There is also a bug currently in csf leaving an inconsistent state after the install:

update-alternatives --get-selections | grep tables
arptables auto /usr/sbin/arptables-nft <---
ebtables auto /usr/sbin/ebtables-nft <---
ip6tables manual /usr/sbin/ip6tables-legacy
iptables manual /usr/sbin/iptables-legacy

As you can see the ebtables and arptables keep the nft version, while the iptables not.

Furthermore why is csf insisting on enabling iptables-legacy again if it's found on the OS? It doesn't make any sense at first sight.
HOSTEDPOWER
Junior Member
Posts: 8
Joined: 26 Mar 2018, 21:59

Re: Debian 11 should use nf_tables

Post by HOSTEDPOWER »

Hi Guys, any feedback on this? Why can't we use the newer nf_tables?
HOSTEDPOWER
Junior Member
Posts: 8
Joined: 26 Mar 2018, 21:59

Re: Debian 11 should use nf_tables

Post by HOSTEDPOWER »

Post Reply