Resurrecting this old thread.
On Thu, Jan 16, 2020 at 1:09 PM Phil Sutter <psutter(a)redhat.com> wrote:
Hi Neal,
On Thu, Jan 09, 2020 at 06:44:22AM -0500, Neal Gompa wrote:
> On Thu, Jan 9, 2020 at 5:15 AM Phil Sutter <psutter(a)redhat.com> wrote:
[...]
> > Yes, firewalld depends on 'iptables'. My big question is how to make
> > that dependency prefer iptables-nft (assuming it 'Provides:
iptables').
> >
>
> Requires: iptables
> Suggests: iptables-nft
Ah, cool. Adding the Suggests: line to firewalld didn't come to mind. In
order to gain a bit of confidence, I played with dnf: If legacy iptables
and ebtables are installed, installing firewalld doesn't pull
iptables-nft. If OTOH none of arp-, eb- or iptables* is installed,
installing firewalld pulls in iptables-nft as a dependency. Sounds like
just what I wanted to achieve!
AIUI, we made the change to use iptables-nft as the default with F32. We
also decided that existing iptables-legacy users shouldn't be moved to
iptables-nft during an upgrade.
However, I think that new installations are still defaulting to
iptables-legacy. The group "Common NetworkManager Submodules" pulls in
`iptables` which seems to pull in iptables-legacy by default.
This feels like an oversight and should be fixed. Is this correct?
regards,
bex
Thanks, Phil
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
--
Did this email arrive after work for you? Stop reading it and enjoy some
work/life balance.
Brian "bex" Exelbierd (he/him/his)
Community Business Owner, RHEL Product Management
@bexelbie |
http://www.winglemeyer.org
bexelbie(a)redhat.com