This reverts commit c743e671dad7a36871b6ab8e061e4200e64a4f54. The original commit introduced a workaround forcing the use of legacy iptables and ebtables backends via `update-alternatives` in the systemd service unit. This was originally required due to critical bugs in the nftables-based variants.
As these upstream issues have been fixed and the nftables backend is now stable and preferred in Debian, this workaround is no longer necessary. Signed-off-by: Ethan Zuo <[email protected]> --- debian/pve-firewall.service | 3 --- 1 file changed, 3 deletions(-) diff --git a/debian/pve-firewall.service b/debian/pve-firewall.service index f95ce6d..63fc57f 100644 --- a/debian/pve-firewall.service +++ b/debian/pve-firewall.service @@ -8,9 +8,6 @@ Before=shutdown.target Conflicts=shutdown.target [Service] -ExecStartPre=-/usr/bin/update-alternatives --set ebtables /usr/sbin/ebtables-legacy -ExecStartPre=-/usr/bin/update-alternatives --set iptables /usr/sbin/iptables-legacy -ExecStartPre=-/usr/bin/update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy ExecStart=/usr/sbin/pve-firewall start ExecStop=/usr/sbin/pve-firewall stop ExecReload=/usr/sbin/pve-firewall restart -- 2.51.0
