[Merge] ~alexmurray/ubuntu-seeds:promote-nftables-lp1887187 into ~ubuntu-core-dev/ubuntu-seeds/+git/platform:jammy

Dimitri John Ledkov mp+417621 at code.launchpad.net
Mon Apr 4 11:23:42 UTC 2022

> > deb:iptables by default provides /usr/sbin/iptables as iptables-nft, meaning
> it is iptables
> > interface, but requires nft to work correctly, which needs nftables package
> installed to have
> > correct default chains present.
> Are you saying /usr/sbin/iptables-nft requires bin:nftables to be installed?

Sort of, without /etc/nftables.conf which is shipped and processed by deb:nftables, the stock firewall configs are weird with default input/forward/output chains missing. It's not that the /usr/sbin/iptables binary execs anything from nftables package, it's just the in-kernel tables look odd and in an unexpected state without nftables installed.

I was mostly pushing to get deb:nftables seeded because of those rules, not because of /usr/sbin/nft binary. But hey we will get both installed by default now.
Your team Ubuntu Core Development Team is subscribed to branch ~ubuntu-core-dev/ubuntu-seeds/+git/platform:jammy.

More information about the Ubuntu-reviews mailing list