summary refs log tree commit diff
path: root/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/doc/manual/from_md/release-notes/rl-2111.section.xml')
-rw-r--r--nixos/doc/manual/from_md/release-notes/rl-2111.section.xml12
1 files changed, 11 insertions, 1 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
index a11baa91dea..b61a0268dee 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
@@ -35,7 +35,17 @@
           This means, <literal>ip[6]tables</literal>,
           <literal>arptables</literal> and <literal>ebtables</literal>
           commands will actually show rules from some specific tables in
-          the <literal>nf_tables</literal> kernel subsystem.
+          the <literal>nf_tables</literal> kernel subsystem. In case
+          you’re migrating from an older release without rebooting,
+          there might be cases where you end up with iptable rules
+          configured both in the legacy <literal>iptables</literal>
+          kernel backend, as well as in the <literal>nf_tables</literal>
+          backend. This can lead to confusing firewall behaviour. An
+          <literal>iptables-save</literal> after switching will complain
+          about <quote>iptables-legacy tables present</quote>. It’s
+          probably best to reboot after the upgrade, or manually
+          removing all legacy iptables rules (via the
+          <literal>iptables-legacy</literal> package).
         </para>
       </listitem>
       <listitem>
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-23 22:00:48 +0000