On 2020-10-16 12:25, I wrote:
> I have a lot of iptables rules.
> Is it correctly understood that the upgrade to Buster will
> automatically install iptables-nft, and that iptables-nft provides
> complete and compatible support for the functionality of the old
> iptables command, so I can expect my iptables scripts to just work?

I have now upgraded the first of my Stretch machines, and iptables-nft
works, but does not support everything.

I can recommend studying
https://wiki.nftables.org/wiki-nftables/index.php/Supported_features_compared_to_xtables
before upgrading to Buster if the system has non-trivial iptables usage.

In my case, I was using the following that is not supported by iptables-nft:

* The "recent" module. But I can do without that.
* The "tos" module. But I can do without that.
* The CT target, to add the ftp helper. I fixed that by adding a bit of
  native nft with the nft command after all the iptables(-nft) commands.

--
Jesper Dybdal
https://www.dybdal.dk
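
Added illustration, not part of the original message and not the author's actual rules: one way to attach the FTP conntrack helper with native nft, as a ruleset file loaded with `nft -f` after the iptables(-nft) commands have run. The table name `ftp_helper`, the helper object name `ftp-standard`, the port and the legacy rule quoted in the comment are assumptions made for this example.

```nft
# Constructed example of a legacy rule of the kind this replaces:
#   iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp
#
# A separate native table, so it sits alongside the tables that the
# iptables-nft commands create instead of modifying them.
table inet ftp_helper {
    # Helper object: binds the kernel "ftp" helper (nf_conntrack_ftp) to TCP.
    ct helper ftp-standard {
        type "ftp" protocol tcp
    }

    chain prerouting {
        # Priority 0 runs after the conntrack lookup (priority -200),
        # which is required before a helper can be set on a connection.
        type filter hook prerouting priority 0; policy accept;

        # Assign the helper explicitly, and only for the FTP control port.
        tcp dport 21 ct helper set "ftp-standard"
    }
}
```

With the helper assigned this way, rules matching `ct state related` can accept the FTP data connections it tracks. `nft list ruleset` shows this table next to the ones generated by iptables-nft.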