[Pkg-libvirt-maintainers] Bug#938929: Dependency problem with iptables and libvirt-daemon-system
Andrea Bolognani
eof at kiyuko.org
Sun Oct 20 10:40:30 BST 2024
On Thu, Dec 07, 2023 at 07:33:11PM +0100, Diederik de Haas wrote:
> I think it would be good to switch both to nftables, especially now that we're
> (still) in the middle of the Trixie development cycle. Or at least add
> nftables as (preferred) optional dependency to iptables.
> *If* any issues pop up, there's plenty of time to fix it.
>
> Now almost 5 years ago, the iptables package added the following to its
> Description: "The iptables/xtables framework has been replaced by nftables.
> You should consider migrating now."
I have created [1] which includes a fix for this bug. Specifically,
the relationship to iptables is relaxed from Depends to Recommends,
which makes it possible to uninstall it.
nftables is also added as a Recommends, since it is now possible to
use it as a backend for the network driver by setting
# /etc/libvirt/network.conf
firewall_backend = "nftables"
Unfortunately this can't be the default right now, as there are still
some problems with it, especially when it comes to non-Linux guests.
I'm hoping that the situation will improve shortly and that we'll be
able to use nftables by default for trixie.
[1] https://salsa.debian.org/libvirt-team/libvirt/-/merge_requests/237
--
Andrea Bolognani <eof at kiyuko.org>
Resistance is futile, you will be garbage collected.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-libvirt-maintainers/attachments/20241020/0fe5c568/attachment.sig>
More information about the Pkg-libvirt-maintainers
mailing list