Dear iptables maintainers, reading the initial bug report you can think I haven't read README.Debian before filing this bug, but I did. It's clear that now iptables is handled by update-alternatives, so that the user can choose between the new nftables compatible programs (the default) or the legacy programs. That's great! And you have also documented the changed path of the binaries, from /sbin to /usr/sbin/.

The point is: existing packages, like ferm, that search for the previous full paths, are now broken. Since iptables-nft-save/iptables-nft-restore should be compatible with the legacy iptables-save/iptables-restore, why not render the old paths a symlink to /etc/alternatives/?
For example:
/sbin/iptables -> /etc/alternatives/iptables
/sbin/iptables-restore -> /etc/alternatives/iptables-restore
/sbin/iptables-save -> /etc/alternatives/iptables-save

In the ferm case, it suffices to create the following two symlinks to make it start again:
ln -s /etc/alternatives/iptables-restore /sbin/iptables-restore
ln -s /etc/alternatives/ip6tables-restore /sbin/ip6tables-restore
With alternatives left with the current default:
/etc/alternatives/iptables-restore -> /usr/sbin/iptables-nft-restore
/etc/alternatives/ip6tables-restore -> /usr/sbin/ip6tables-nft-restore

Cesare.
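
A check for the breakage described in the message above, as an added example that is not part of the original report or of the iptables package: it lists which legacy /sbin paths are missing or dangling, which matters because a firewall front end that cannot find iptables-restore at its hard-coded path loads no rules. The function name, the `BROKEN` variable and the optional root-directory argument are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit the pre-alternatives /sbin paths of the iptables tools.
# Usage after sourcing: audit_legacy_paths        (live system)
#                       audit_legacy_paths /mnt   (a chroot or image tree)

LEGACY_TOOLS="iptables iptables-save iptables-restore
ip6tables ip6tables-save ip6tables-restore"

# Prints one status line per tool, stores the number of unusable legacy
# paths in BROKEN, and returns 0 only when every legacy path resolves.
audit_legacy_paths() {
    root=${1:-}
    root=${root%/}          # accept "/mnt/" as well as "/mnt"
    BROKEN=0
    for tool in $LEGACY_TOOLS; do
        legacy="$root/sbin/$tool"
        if [ -e "$legacy" ]; then
            # -e follows symlinks, so the path resolves to a real file
            echo "ok       /sbin/$tool -> $(readlink -f "$legacy")"
        elif [ -L "$legacy" ]; then
            # a symlink exists but its target does not
            echo "dangling /sbin/$tool -> $(readlink "$legacy")"
            BROKEN=$((BROKEN + 1))
        else
            echo "missing  /sbin/$tool"
            BROKEN=$((BROKEN + 1))
        fi
    done
    [ "$BROKEN" -eq 0 ]
}
```
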
