Ubuntu
iptables package

[FFe] Please accept iptables 1.8.4-3ubuntu3 switching to nftables backend

Bug #1893958 reported by Balint Reczey
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
iptables (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

The change is a planned change for this development cycle and the fix has been tested as described in LP: #1887186 and https://lists.ubuntu.com/archives/ubuntu-devel/2020-August/041142.html .

Changes:
 iptables (1.8.4-3ubuntu3) groovy; urgency=medium
 .
   * Swap alternative priority and prefer nftables backend over legacy
     (LP: #1887186)

See original description
Revision history for this message
Balint Reczey (rbalint) wrote :
description: updated
Revision history for this message
Oibaf (oibaf) wrote :

Can you please merge 1.8.5 from Debian along switching to -nft?
1.8.4 still has some bugs with -nft, which are fixed in 1.8.5.
Thanks

Revision history for this message
Balint Reczey (rbalint) wrote :

@oibaf Please open a separate bug for the merge, this one is only for the switch. I agree that the bug fixes would be better to be merged.

Revision history for this message
Iain Lane (laney) wrote :

Have you checked with the LXD team that they are happy with this?

If so, ack from me.

If 1.8.5 fixes bugs then we should take that for sure - please could you make sure to do that (can be later, but not much later)?

Revision history for this message
Balint Reczey (rbalint) wrote :

@laney I've sent the email to ubuntu-devel@ a week ago and it also made it to https://www.phoronix.com/scan.php?page=news_item&px=Ubuntu-20.10-Nftables so I believe every interested party must be aware of that, but I've now pinged stgraber on #ubuntu-release.

Revision history for this message
Thomas Parrott (tomparrott) wrote :

LXD depends on the nft tool when iptables-legacy rules are not in use (as the iptables-nft tools do not provide all the functionality it depends on).

However the nft tool is bundled in the snap package so this should be fine.

Iain Lane (laney)
Changed in iptables (Ubuntu):
status: New → Confirmed
Balint Reczey (rbalint)
Changed in iptables (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Oibaf (oibaf) wrote :

> If 1.8.5 fixes bugs then we should take that for sure - please could you make sure to do that (can be later, but not much later)?
See bug 1894195.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.