ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

Debian 11 should use nf_tables

https://mail.forum.configserver.com/viewtopic.php?t=12814

Page 1 of 1

Debian 11 should use nf_tables

Posted: 05 May 2023, 09:01
by HOSTEDPOWER
We use nf_tables on Debian 11, but on every configserver update the iptables are set back to legacy.

Very strange behavior and it breaks a lot of functionality over and over.

Any fix for this?

Re: Debian 11 should use nf_tables

Posted: 08 May 2023, 21:18
by HOSTEDPOWER
PS: There is a perfect compatible method of using iptables, I'm surprised configserver persists on disabling it again with every install...

https://www.danami.com/clients/knowledg ... ge=italian

Inconsistent switch back to iptables-legacy

Posted: 09 May 2023, 08:37
by HOSTEDPOWER
Hi


On debian 11 for example it's highly recommended to use iptables nft.

https://wiki.debian.org/iptables

There is also a bug currently in csf leaving an inconsistent state after the install:

update-alternatives --get-selections | grep tables
arptables auto /usr/sbin/arptables-nft <---
ebtables auto /usr/sbin/ebtables-nft <---
ip6tables manual /usr/sbin/ip6tables-legacy
iptables manual /usr/sbin/iptables-legacy

As you can see the ebtables and arptables keep the nft version, while the iptables not.

Furthermore why is csf insisting on enabling iptables-legacy again if it's found on the OS? It doesn't make any sense at first sight.

Re: Debian 11 should use nf_tables

Posted: 23 May 2023, 20:45
by HOSTEDPOWER
Hi Guys, any feedback on this? Why can't we use the newer nf_tables?

Re: Debian 11 should use nf_tables

Posted: 29 Sep 2023, 08:08
by HOSTEDPOWER
Unbelievable, it has happened :D

https://download.configserver.com/csf/changelog.txt
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited