rename iptables to iptables-legacy and make iptables-nft the default iptables package
| Task Info (Flyspray) | |
|---|---|
| Opened By | AMM (amish) |
| Task ID | 70252 |
| Type | Bug Report |
| Project | Arch Linux |
| Category | Packages: Core |
| Version | None |
| OS | All |
| Opened | 2021-04-01 02:40:17 UTC |
| Status | Assigned |
| Assignee | Felix Yan (felixonmars) |
Details
Description: The iptables shipped with Arch is legacy iptables, which is no longer recommended by the Netfilter guys. [1] (outdated since 2018, i.e. it's been outdated for almost 3 years)
Netfilter suggested using nftables or, if that is not possible, the suggestion is to use modern iptables, which is based on the nf_tables backend. The Netfilter guys are no longer focusing on legacy iptables.
Since iptables-nft is a drop-in replacement for iptables(-legacy), I propose to make (rename) iptables-nft the default iptables package and rename current iptables to iptables-legacy.
This way we have a hybrid firewall without any changes by administration. And later they may migrate to nftables completely at their convenience.
Major distributions like Fedora, Debian, Ubuntu have already made the switch. [2][3][4]
I have switched many of my systems without changing any iptables rule.
Those who use non-standard iptables modules can easily switch back by installing iptables-legacy.
A proper announcement can be made well in advance to warn such users. Or a post-install message can be displayed.
References:
- [1] https://ral-arturo.org/2018/06/16/nfws2018.html
- [2] https://docs.fedoraproject.org/de/fedora/f32/release-notes/sysadmin/Networking/
- [3] https://wiki.debian.org/nftables#Current_status
- [4] https://itsfoss.com/ubuntu-20-10-features/
Additional info:
- package version(s) iptables 1:1.8.7-1 iptables-nft 1:1.8.7-1