diff options
| author | Florian Klink <flokli@flokli.de> | 2022-02-24 17:22:17 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-02-24 17:22:17 +0100 |
| commit | 6ebc6ca13f47e3dfb393a2d36ff5f64335109bab (patch) | |
| tree | 2e61739ac5921bbade2e7a6d77f89d2527fa25ba | |
| parent | 211ec209b1814ddd38e53743cd721e200acab626 (diff) | |
| parent | 753a43caf07790a923d8f6394744f1c5b0eb8ee4 (diff) | |
| download | nixpkgs-6ebc6ca13f47e3dfb393a2d36ff5f64335109bab.tar nixpkgs-6ebc6ca13f47e3dfb393a2d36ff5f64335109bab.tar.gz nixpkgs-6ebc6ca13f47e3dfb393a2d36ff5f64335109bab.tar.bz2 nixpkgs-6ebc6ca13f47e3dfb393a2d36ff5f64335109bab.tar.lz nixpkgs-6ebc6ca13f47e3dfb393a2d36ff5f64335109bab.tar.xz nixpkgs-6ebc6ca13f47e3dfb393a2d36ff5f64335109bab.tar.zst nixpkgs-6ebc6ca13f47e3dfb393a2d36ff5f64335109bab.zip | |
Merge pull request #161426 from flokli/rl-2111-nftables
nixos/doc: improve release notes for iptables-nft and systemd with nftables backend
| -rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2111.section.xml | 22 | ||||
| -rw-r--r-- | nixos/doc/manual/release-notes/rl-2111.section.md | 10 |
2 files changed, 29 insertions, 3 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index 58b7c1e802d..a11baa91dea 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -26,8 +26,26 @@ </listitem> <listitem> <para> - <literal>iptables</literal> now uses - <literal>nf_tables</literal> backend. + <literal>iptables</literal> is now using + <literal>nf_tables</literal> under the hood, by using + <literal>iptables-nft</literal>, similar to + <link xlink:href="https://wiki.debian.org/nftables#Current_status">Debian</link> + and + <link xlink:href="https://fedoraproject.org/wiki/Changes/iptables-nft-default">Fedora</link>. + This means, <literal>ip[6]tables</literal>, + <literal>arptables</literal> and <literal>ebtables</literal> + commands will actually show rules from some specific tables in + the <literal>nf_tables</literal> kernel subsystem. + </para> + </listitem> + <listitem> + <para> + systemd got an <literal>nftables</literal> backend, and + configures (networkd) rules in their own + <literal>io.systemd.*</literal> tables. Check + <literal>nft list ruleset</literal> to see these rules, not + <literal>iptables-save</literal> (which only shows + <literal>iptables</literal>-created rules. </para> </listitem> <listitem> diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index 6fe838d1e7a..f3644c32832 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixos/doc/manual/release-notes/rl-2111.section.md @@ -8,7 +8,15 @@ In addition to numerous new and upgraded packages, this release has the followin - Nix has been updated to version 2.4, reference its [release notes](https://discourse.nixos.org/t/nix-2-4-released/15822) for more information on what has changed. The previous version of Nix, 2.3.16, remains available for the time being in the `nix_2_3` package. -- `iptables` now uses `nf_tables` backend. +- `iptables` is now using `nf_tables` under the hood, by using `iptables-nft`, + similar to [Debian](https://wiki.debian.org/nftables#Current_status) and + [Fedora](https://fedoraproject.org/wiki/Changes/iptables-nft-default). + This means, `ip[6]tables`, `arptables` and `ebtables` commands will actually + show rules from some specific tables in the `nf_tables` kernel subsystem. + +- systemd got an `nftables` backend, and configures (networkd) rules in their + own `io.systemd.*` tables. Check `nft list ruleset` to see these rules, not + `iptables-save` (which only shows `iptables`-created rules. - PHP now defaults to PHP 8.0, updated from 7.4. |