Update iptables systemd unit to use new version of iptables-restore (!445) · Merge requests · infrastructure / apertis-image-recipes

Frederic Danis requested to merge wip/fdanis/8361-iptables-tether into apertis/v2023dev0 Nov 17, 2021

Since Debian Buster, old iptables/xtables (legacy) and new nftables frameworks can be used in parallel.
We chose to use the legacy framework (see !399 (merged)), but since the introduction of Docker in the SDK (767b7717), which set its specific rules using nftables, this breaks the connman tethering as there are two sets running.

iptables-nft-restore is able to apply iptables rules to nftables.
/usr/sbin/iptables-restore is a symlink to /etc/alternatives/iptables-restore which in turn is a symlink to /usr/sbin/iptables-nft-restore. Same for /usr/sbin/ip6tables-restore.

Replacing iptables-legacy-restore by iptables-restore allows to use the nftables only.

https://phabricator.apertis.org/T8361

Signed-off-by: Frédéric Danis frederic.danis@collabora.com

Admin message

Update iptables systemd unit to use new version of iptables-restore

Merge request reports