how to disable iptables after migrating to nftables?
GNUser:
--- Quote ---Are you sure nftables needs iptables? According to Google nftables is supposed to replace iptables.
--- End quote ---
No, I'm not sure. I'm going to try removing iptables.tcz from the list of dependencies for wireguard-tools and nftables to see what happens.
GNUser:
Hi, Rich. Both nftables.tcz and wireguard-tools.tcz need a single library from the iptables.tcz extension (namely, libxtables.so.12.2.0). If I extract iptables.tcz, grab the needed library, and put it in /usr/local/lib, then everything works just fine.
I think what I'll do is to add libxtables.12.2.0 to my backup then delete iptables.tcz from nftables.tcz.dep and from wireguard-tools.tcz.dep.
Thanks for poking me in the right direction.
P.S. Thank you, Juanito, for the nftables.tcz extension! I was thrilled when I found it in the repository. One thought about the extension: Since it is meant to replace iptables.tcz, perhaps it should include libxtables.12.2.0 and not depend on iptables.tcz for it? Or maybe libxtables should be its own extension that both iptables.tcz and nftables.tcz depend on? I don't know the best/most correct way, just thinking out loud.
GNUser:
Rich: I will add libxtables to my backup, then will remove iptables.tcz from the two .dep files that list it. At that point, iptables.tcz will no longer be loaded, which in effect disables it completely ;D Thread may be marked as solved!
GNUser:
To clarify the dependency web:
- wireguard-tools.tcz depends on either nftables.tcz or iptables.tcz (if both extensions are present, it uses nftables)
- nftables.tcz and iptables.tcz both depend on the library libxtables
- nftables.tcz does not actually need anything in iptables.tcz other than libxtables
Rich:
Hi GNUser
--- Quote from: GNUser on December 17, 2021, 01:07:01 PM --- ... that both iptables and nftables are just human-friendly constructs to manipulate the Netfilter engine. ...
--- End quote ---
That was mentioned in the serverfault link that I posted as well as other sources I viewed.
I also noticed this on the git site:
--- Code: ---AC_ARG_WITH([xtables], [AS_HELP_STRING([--with-xtables],
[Use libxtables for iptables interaction])],
[], [with_xtables=no])
--- End code ---
It appears ./configure allows you to disable xtables when building nftables.
Found here:
https://git.netfilter.org/nftables/tree/configure.ac
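The .dep edit GNUser describes above, sketched as an added example that is not part of the original thread: it removes an extension from every .dep file that lists it, but only after confirming the shared library is available elsewhere, and keeps a .bak copy of each file it changes. The function names, the one-name-per-line .dep layout and the directory arguments are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a .dep file is plain text with
# one extension name per line; all directories are passed in as arguments.

# list_dependents DIR EXT: print each DIR/*.tcz.dep that lists EXT.
list_dependents() {
    dir=$1; ext=$2
    for f in "$dir"/*.tcz.dep; do
        [ -f "$f" ] || continue
        # Compare whole lines (whitespace stripped) so "iptables.tcz"
        # does not match a longer name that merely contains it.
        if awk -v e="$ext" '{ gsub(/[ \t\r]/, ""); if ($0 == e) hit = 1 }
                            END { exit !hit }' "$f"; then
            echo "$f"
        fi
    done
}

# drop_dependency DIR EXT LIB_DIR LIB_GLOB
# Remove EXT from every .dep file in DIR. Refuses (returns 1) unless a file
# matching LIB_GLOB already exists in LIB_DIR, because dropping the dependency
# without the library would leave the dependent tools unable to start.
drop_dependency() {
    dir=$1; ext=$2; libdir=$3; libglob=$4
    found=0
    for lib in "$libdir"/$libglob; do    # glob left unquoted on purpose
        if [ -e "$lib" ]; then found=1; break; fi
    done
    if [ "$found" -ne 1 ]; then
        echo "refusing: nothing matching $libglob in $libdir" >&2
        return 1
    fi
    list_dependents "$dir" "$ext" | while IFS= read -r f; do
        cp -p "$f" "$f.bak"              # keep the original for rollback
        awk -v e="$ext" '{ l = $0; gsub(/[ \t\r]/, "", l)
                           if (l != e) print }' "$f.bak" > "$f"
        echo "updated $f"
    done
}

# Usage for the case in the thread (the optional/ path is an assumption):
# drop_dependency /etc/sysconfig/tcedir/optional iptables.tcz \
#     /usr/local/lib 'libxtables.so*'
```

Running list_dependents first shows which .dep files would be rewritten before anything is changed.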