On 7/22/19 5:00 AM, Matt Darfeuille wrote: > On 7/22/2019 12:39 PM, Timo Sigurdsson wrote: >> Hi, >> >> some of you may be aware of the new default firewall backend in Debian 10 >> alias Buster, i.e. Buster defaults to nftables and all of xtables programs >> (iptables, ip6tables, etc.) are merely symlinks to iptables-nft, >> ip6tables-nft, etc. This means you can use the iptables syntax, but will >> actually get nftables rules. As I am planning to upgrade my router machine >> to Debian 10 in the near future, I was wondering whether I should take any >> precautions prior or during the upgrade with regards to shorewall. I use >> shorewall in a dual-stack setup with one WAN interface and several LAN-side >> interfaces and zones. >> > > To air on the side of caution, I would test Shorewall and the desired > configuration using a VM or a chroot when moving away from Iptables and > report back any issues you might encounter. >
That having been said, I have been running Shorewall on Debian 10 for several months without issue. The only thing to be aware of is that there is no xtables-addons package in Debian 10, so if you are dependent on a feature provided by that package, you will need to revise your configuration. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
