Beowulf/Buster has moved from iptables to nftables.  You can still use
iptables* with iptables-legacy*, but you'll need to edit your scripts
to reflect this. The option to save existing rules is part of the
upgrade but assumes that the existing rules haven't already been
overwritten with the default 'allow anything and everything'.

Thanks for that catch. I forgot about the move, which was publicized years ago already IIRC.

Are you implying the upgrade process (i.e. no reboot) already replaced the rules? Well... That is not surprising in the usual Debian way (and why loads of people hate it ;o) ), but still damaging if that was the case... That is something I definitely did not check for, and might explain why all of a sudden rulesets were empty (noticed only after reboot).

My scripts, using ip(6)tables-save binaries and then loading through ip(6)tables, are still working. I am not used to the nftables interface (yet). Time to learn at last, I guess. :o)

I use a second root terminal to check the current ruleset before making the
decision to accept; I also check that the correct ruleset has been
applied after the first few reboots and any updates just to be sure.

Whatever way it is done: it means manual backup & restoration whenever needed.

Bernard Rosset
https://rosset.net/
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
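
The check discussed in this thread (confirming after an upgrade or reboot that the expected ruleset is still loaded and has not been replaced by the accept-everything default) can be scripted. The following is an added example, not code from the thread's participants; the function names and sample dumps are hypothetical, and it assumes the backup file was produced with `iptables-save` (an `ip6tables-save` dump can be checked the same way by passing it as the second argument).

```shell
#!/bin/sh
# Added example; sample dumps below are constructed, in iptables-save format.
sample_good() { cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}
sample_reset() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Strip comments (timestamps) and packet/byte counters so dumps taken at
# different times compare equal when the rules are the same.
normalize_dump() {
    sed -e '/^#/d' -e 's/ \[[0-9]*:[0-9]*\]$//' -e 's/^\[[0-9]*:[0-9]*\] //'
}

# Succeeds when the dump on stdin has no rules and no built-in chain policy
# other than ACCEPT, i.e. the "allow anything" state (an empty dump counts).
is_wide_open() {
    normalize_dump | awk '
        /^-A /                               { rules++ }
        /^:/ && $2 != "ACCEPT" && $2 != "-"  { strict++ }
        END { exit (rules + strict > 0) }'
}

# check_ruleset BACKUP [LIVE_DUMP]: prints OK, CHANGED or WIDE-OPEN.
# Without LIVE_DUMP it reads the running ruleset via iptables-save (needs root).
check_ruleset() {
    if [ -n "${2:-}" ]; then live=$(cat "$2"); else live=$(iptables-save); fi
    if printf '%s\n' "$live" | is_wide_open; then echo "WIDE-OPEN"; return 2; fi
    if [ "$(printf '%s\n' "$live" | normalize_dump)" = "$(normalize_dump < "$1")" ]
    then echo "OK"; return 0; fi
    echo "CHANGED"; return 1
}

if [ $# -gt 0 ]; then check_ruleset "$@"; fi
```

The exit status (0 for OK, 1 for CHANGED, 2 for WIDE-OPEN) lets the check run from a boot-time or post-upgrade hook that raises an alert on anything but 0.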
