diff options
| author | Florian Klink <flokli@flokli.de> | 2022-02-24 17:22:17 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-02-24 17:22:17 +0100 |
| commit | 6ebc6ca13f47e3dfb393a2d36ff5f64335109bab (patch) | |
| tree | 2e61739ac5921bbade2e7a6d77f89d2527fa25ba /nixos/doc/manual/from_md/release-notes/rl-2111.section.xml | |
| parent | 211ec209b1814ddd38e53743cd721e200acab626 (diff) | |
| parent | 753a43caf07790a923d8f6394744f1c5b0eb8ee4 (diff) | |
| download | nixpkgs-6ebc6ca13f47e3dfb393a2d36ff5f64335109bab.tar nixpkgs-6ebc6ca13f47e3dfb393a2d36ff5f64335109bab.tar.gz nixpkgs-6ebc6ca13f47e3dfb393a2d36ff5f64335109bab.tar.bz2 nixpkgs-6ebc6ca13f47e3dfb393a2d36ff5f64335109bab.tar.lz nixpkgs-6ebc6ca13f47e3dfb393a2d36ff5f64335109bab.tar.xz nixpkgs-6ebc6ca13f47e3dfb393a2d36ff5f64335109bab.tar.zst nixpkgs-6ebc6ca13f47e3dfb393a2d36ff5f64335109bab.zip | |
Merge pull request #161426 from flokli/rl-2111-nftables
nixos/doc: improve release notes for iptables-nft and systemd with nftables backend
Diffstat (limited to 'nixos/doc/manual/from_md/release-notes/rl-2111.section.xml')
| -rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2111.section.xml | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index 58b7c1e802d..a11baa91dea 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -26,8 +26,26 @@ </listitem> <listitem> <para> - <literal>iptables</literal> now uses - <literal>nf_tables</literal> backend. + <literal>iptables</literal> is now using + <literal>nf_tables</literal> under the hood, by using + <literal>iptables-nft</literal>, similar to + <link xlink:href="https://wiki.debian.org/nftables#Current_status">Debian</link> + and + <link xlink:href="https://fedoraproject.org/wiki/Changes/iptables-nft-default">Fedora</link>. + This means, <literal>ip[6]tables</literal>, + <literal>arptables</literal> and <literal>ebtables</literal> + commands will actually show rules from some specific tables in + the <literal>nf_tables</literal> kernel subsystem. + </para> + </listitem> + <listitem> + <para> + systemd got an <literal>nftables</literal> backend, and + configures (networkd) rules in their own + <literal>io.systemd.*</literal> tables. Check + <literal>nft list ruleset</literal> to see these rules, not + <literal>iptables-save</literal> (which only shows + <literal>iptables</literal>-created rules. </para> </listitem> <listitem> |