Change history
Edit by manul91 (current version):
Translate all of this into the language of a modern firewall. iptables is no longer in the kernel.
It's something else, managed by the ip utility, and in Debian 11 they already forgot to ship the iptables compatibility layer by default.
No. This is Debian sid:
root@siduxbox:~# apt show iptables
Package: iptables
Version: 1.8.11-2
Priority: optional
Section: net
Maintainer: Debian Netfilter Packaging Team <team+pkg-netfilter-team@tracker.debian.org>
Installed-Size: 2,464 kB
Depends: libip4tc2 (= 1.8.11-2), libip6tc2 (= 1.8.11-2), libxtables12 (= 1.8.11-2), netbase (>= 6.0), libc6 (>= 2.38), libmnl0 (>= 1.0.3-4~), libnetfilter-conntrack3 (>= 1.0.6), libnfnetlink0 (>= 1.0.2), libnftnl11 (>= 1.1.6)
Recommends: nftables
Suggests: firewalld, kmod
Homepage: https://www.netfilter.org/
Tag: admin::configuring, implemented-in::c, interface::commandline,
network::firewall, protocol::ethernet, protocol::ip, protocol::tcp,
protocol::udp, role::program, role::shared-lib, scope::utility,
security::firewall, use::monitor, works-with::network-traffic
Download-Size: 361 kB
APT-Manual-Installed: yes
APT-Sources: https://deb.debian.org/debian sid/main amd64 Packages
Description: administration tools for packet filtering and NAT
The iptables/xtables framework has been replaced by nftables. You should
consider migrating now.
.
iptables is the userspace command line program used to configure
the Linux packet filtering and NAT ruleset. It is targeted towards systems
and networks administrators.
.
This package contains several different utilities, the most important ones:
.
iptables-nft, iptables-nft-save, iptables-nft-restore (nft-based version)
.
iptables-legacy, iptables-legacy-save, iptables-legacy-restore (legacy version)
.
ip6tables-nft, ip6tables-nft-save, ip6tables-nft-restore (nft-based version)
.
ip6tables-legacy, ip6tables-legacy-save, ip6tables-legacy-restore (legacy
version)
.
arptables-nft, arptables-nft-save, arptables-nft-restore (nft-based version)
.
and (for now, still) you can switch to the classic (legacy) iptables as follows:
# For newer installs: switch to legacy iptables
update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
update-alternatives --set arptables /usr/sbin/arptables-legacy
update-alternatives --set ebtables /usr/sbin/ebtables-legacy
So now I have:
root@siduxbox:~# update-alternatives --display iptables
iptables - manual mode
link best version is /usr/sbin/iptables-nft
link currently points to /usr/sbin/iptables-legacy
link iptables is /usr/sbin/iptables
slave iptables-restore is /usr/sbin/iptables-restore
slave iptables-save is /usr/sbin/iptables-save
/usr/sbin/iptables-legacy - priority 10
slave iptables-restore: /usr/sbin/iptables-legacy-restore
slave iptables-save: /usr/sbin/iptables-legacy-save
/usr/sbin/iptables-nft - priority 20
slave iptables-restore: /usr/sbin/iptables-nft-restore
slave iptables-save: /usr/sbin/iptables-nft-save
Original version by manul91:
It's something else, managed by the ip utility, and in Debian 11 they already forgot to ship the iptables compatibility layer by default.
No. This is Debian sid:
root@siduxbox:~# apt show iptables
Package: iptables
Version: 1.8.11-2
Priority: optional
Section: net
Maintainer: Debian Netfilter Packaging Team <team+pkg-netfilter-team@tracker.debian.org>
Installed-Size: 2,464 kB
Depends: libip4tc2 (= 1.8.11-2), libip6tc2 (= 1.8.11-2), libxtables12 (= 1.8.11-2), netbase (>= 6.0), libc6 (>= 2.38), libmnl0 (>= 1.0.3-4~), libnetfilter-conntrack3 (>= 1.0.6), libnfnetlink0 (>= 1.0.2), libnftnl11 (>= 1.1.6)
Recommends: nftables
Suggests: firewalld, kmod
Homepage: https://www.netfilter.org/
Tag: admin::configuring, implemented-in::c, interface::commandline,
network::firewall, protocol::ethernet, protocol::ip, protocol::tcp,
protocol::udp, role::program, role::shared-lib, scope::utility,
security::firewall, use::monitor, works-with::network-traffic
Download-Size: 361 kB
APT-Manual-Installed: yes
APT-Sources: https://deb.debian.org/debian sid/main amd64 Packages
Description: administration tools for packet filtering and NAT
The iptables/xtables framework has been replaced by nftables. You should
consider migrating now.
.
iptables is the userspace command line program used to configure
the Linux packet filtering and NAT ruleset. It is targeted towards systems
and networks administrators.
.
This package contains several different utilities, the most important ones:
.
iptables-nft, iptables-nft-save, iptables-nft-restore (nft-based version)
.
iptables-legacy, iptables-legacy-save, iptables-legacy-restore (legacy version)
.
ip6tables-nft, ip6tables-nft-save, ip6tables-nft-restore (nft-based version)
.
ip6tables-legacy, ip6tables-legacy-save, ip6tables-legacy-restore (legacy
version)
.
arptables-nft, arptables-nft-save, arptables-nft-restore (nft-based version)
.
and (for now, still) you can switch to the classic (legacy) iptables as follows:
# For newer installs: switch to legacy iptables
update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
update-alternatives --set arptables /usr/sbin/arptables-legacy
update-alternatives --set ebtables /usr/sbin/ebtables-legacy
So now I have:
root@siduxbox:~# update-alternatives --display iptables
iptables - manual mode
link best version is /usr/sbin/iptables-nft
link currently points to /usr/sbin/iptables-legacy
link iptables is /usr/sbin/iptables
slave iptables-restore is /usr/sbin/iptables-restore
slave iptables-save is /usr/sbin/iptables-save
/usr/sbin/iptables-legacy - priority 10
slave iptables-restore: /usr/sbin/iptables-legacy-restore
slave iptables-save: /usr/sbin/iptables-legacy-save
/usr/sbin/iptables-nft - priority 20
slave iptables-restore: /usr/sbin/iptables-nft-restore
slave iptables-save: /usr/sbin/iptables-nft-save
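
An added example, not part of manul91's post: a small shell check that reads `update-alternatives --display` text like the output above and reports whether each of the four alternatives points to the legacy or the nft variant, flagging a mix. The function names and the second sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, samples are constructed.

# Constructed sample: first lines of the --display output quoted in the post.
SAMPLE_LEGACY='iptables - manual mode
  link best version is /usr/sbin/iptables-nft
  link currently points to /usr/sbin/iptables-legacy'

# Constructed sample: the same alternative left in auto mode on the nft variant.
SAMPLE_NFT='iptables - auto mode
  link best version is /usr/sbin/iptables-nft
  link currently points to /usr/sbin/iptables-nft'

# backend_of TEXT -> prints "legacy", "nft" or "unknown"
backend_of() {
    target=$(printf '%s\n' "$1" | sed -n 's/^ *link currently points to //p')
    case "$target" in
        *-legacy) echo legacy ;;
        *-nft)    echo nft ;;
        *)        echo unknown ;;
    esac
}

# mode_of TEXT -> prints "manual" or "auto", taken from the first line
mode_of() {
    printf '%s\n' "$1" | sed -n '1s/^.* - \([a-z]*\) mode$/\1/p'
}

# mixed_backends B1 B2 ... -> exit 0 if the arguments are not all identical
mixed_backends() {
    first=$1
    for b in "$@"; do
        [ "$b" = "$first" ] || return 0
    done
    return 1
}

# audit: query the four alternatives named in the post on a live system.
audit() {
    set --
    for name in iptables ip6tables arptables ebtables; do
        out=$(update-alternatives --display "$name" 2>/dev/null) || continue
        echo "$name: $(backend_of "$out") ($(mode_of "$out") mode)"
        set -- "$@" "$(backend_of "$out")"
    done
    if [ $# -gt 1 ] && mixed_backends "$@"; then
        echo "WARNING: alternatives point to different backends"; return 1
    fi
}
if [ "${1:-}" = "--audit" ]; then audit; fi
```

The mix is worth flagging because the legacy and nft variants program separate kernel rule sets, so rules loaded through one are not listed by the other.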