On Sun, Nov 23, 2025 at 05:25:09PM +0100, Bastian Blank wrote:
On Sun, Nov 23, 2025 at 03:12:27PM +0000, Colin Watson wrote:
I wonder how many of these are conditional code in packages that also
support nft? For example, incus caught my eye in your list: it has both
xtables and nftables drivers, and it prefers nftables if it's available. It
doesn't look as though anything would need to change in that package to cope
with a kernel without iptables support.
The source check matched this reference to the legacy stuff:
| test/suites/container_devices_nic_bridged_filtering.sh: echo "==> SKIP:
ebtables must be legacy version (try update-alternatives --set ebtables
/usr/sbin/ebtables-legacy)"
That code is within a [ "$firewallDriver" = "xtables" ] check, which
will be false on a modern system.
--
Colin Watson (he/him) [[email protected]]
