On Wed, 2021-02-24 at 18:58 +0100, Adam Borowski wrote:
> On Wed, Feb 24, 2021 at 07:26:35AM -0700, Gabe Stanton via Dng wrote:
> > If I understand correctly, the iptables cli that we use now is just a
> > wrapper around nftables.
>
> Actually, there are two independent subsystems. They're managed by two
> userspace tools:
> * iptables-legacy
> * iptables-nft
>
> Rules set by one of them are not visible by the other. This may give a
> nasty surprise if some tool sets a rule some other way.
>
> /usr/sbin/iptables is an alternatives link to one of the two, you can check
>     update-alternatives --display iptables
> to see which subsystem you're using by default.
>
> Meow!

Interesting, so I just checked and when I call iptables, that calls /usr/sbin/iptables, which calls /etc/alternatives/iptables, which calls /usr/sbin/iptables-nft.

Gabe
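
The check discussed in this thread, as an added example that is not part of the original messages: it follows the iptables alternatives link to name the default backend, then counts rules in each backend so a ruleset split across the two is noticed. Function names are hypothetical; iptables-legacy-save and iptables-nft-save are assumed to be installed and need root.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Follow the symlink chain (/usr/sbin/iptables -> /etc/alternatives/iptables
# -> /usr/sbin/iptables-nft) and name the backend it ends at.
# Assumption: on Debian-style installs the chain may end one hop further,
# at xtables-nft-multi or xtables-legacy-multi.
iptables_backend() {
    target=$(readlink -f "$1") || return 1
    case "$(basename "$target")" in
        iptables-nft|xtables-nft-multi)       echo nft ;;
        iptables-legacy|xtables-legacy-multi) echo legacy ;;
        *)                                    echo unknown ;;
    esac
}

# Count rule lines ("-A ...") in iptables-save output read from stdin.
count_rules() {
    grep -c '^-A ' || true    # grep exits 1 on zero matches; still prints 0
}

# Succeeds when both backends hold rules, i.e. the ruleset is split and
# neither tool shows the whole picture.
split_ruleset() {
    [ "$1" -gt 0 ] && [ "$2" -gt 0 ]
}

report() {
    echo "default backend: $(iptables_backend "$(command -v iptables)")"
    legacy=$(iptables-legacy-save 2>/dev/null | count_rules)
    nft=$(iptables-nft-save 2>/dev/null | count_rules)
    echo "legacy rules: $legacy, nft rules: $nft"
    if split_ruleset "$legacy" "$nft"; then
        echo "WARNING: rules present in both backends" >&2
    fi
}

# Run as root: sh check-backend.sh --report
if [ "${1:-}" = "--report" ]; then report; fi
```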