On 11/16/18 1:18 PM, Amos Jeffries wrote:
> My kernel version is 3.16.0-4-amd64.
>
This kernel is very very old. First thing to do is to upgrade your
kernel to something modern. Is not related to the hardware. Both
x_tables and nf_tables kernel subsystem received severe updates since
3.16. By mixing modern userspace components with old kernelside modules
you are exposed to severe limitations to say the least.
>
> The main problem as I see it is that the packaging switched straight to
> the -nft versions without sufficient checking that it was not breaking
> the system by doing so. Surely there are tests that can be done on
> install to select the auto/default flavour better?
>
I don't have time to work on such magic migration mechanisms.
But as I said, your issue is not with iptables-nft or nftables itself.
You are using a very old kernel which won't work.
thanks!
