On Thu, Dec 07, 2023 at 07:33:11PM +0100, Diederik de Haas wrote:
> I think it would be good to switch both to nftables, especially now that
> we're (still) in the middle of the Trixie development cycle. Or at least add
> nftables as (preferred) optional dependency to iptables.
> *If* any issues pop up, there's plenty of time to fix it.
>
> Now almost 5 years ago, the iptables package added the following to its
> Description: "The iptables/xtables framework has been replaced by nftables.
> You should consider migrating now."

I have created [1] which includes a fix for this bug.

Specifically, the relationship to iptables is relaxed from Depends to
Recommends, which makes it possible to uninstall it. nftables is also
added as a Recommends, since it is now possible to use it as a backend
for the network driver by setting

  # /etc/libvirt/network.conf
  firewall_backend = "nftables"

Unfortunately this can't be the default right now, as there are still
some problems with it, especially when it comes to non-Linux guests.
I'm hoping that the situation will improve shortly and that we'll be
able to use nftables by default for trixie.

[1] https://salsa.debian.org/libvirt-team/libvirt/-/merge_requests/237
-- 
Andrea Bolognani <[email protected]>
Resistance is futile, you will be garbage collected.

