ip6tables alternate is not setup correctly
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| iptables (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bug Description
ip6tables is not properly setup for the nft backend.
$ sudo update-alternatives --query ip6tables
Name: ip6tables
Link: /usr/sbin/ip6tables
Slaves:
ip6tables-restore /usr/sbin/
ip6tables-save /usr/sbin/
Status: auto
Best: /usr/sbin/
Value: /usr/sbin/
Alternative: /usr/sbin/
Priority: 20
Slaves:
ip6tables-restore /usr/sbin/
ip6tables-save /usr/sbin/
Alternative: /usr/sbin/
Priority: 10
Slaves:
ip6tables-restore /usr/sbin/
ip6tables-save /usr/sbin/
But, looking at the files in /usr/sbin, /usr/sbin/ip6tables is not a symlink into /etc/alternativ
$ ls -l /usr/sbin/ip6tables
-rwxr-xr-x 1 root root 99296 Feb 28 08:16 /usr/sbin/ip6tables
but the symlink in /etc/alternatives is setup ok:
$ ls -l /etc/alternativ
lrwxrwxrwx 1 root root 26 Mar 2 10:12 /etc/alternativ
This breaks, for example, ufw when the system is setup for nft.
| Changed in iptables (Ubuntu): | |
| assignee: | nobody → Jamie Strandboge (jdstrand) |
| status: | New → Triaged |
| status: | Triaged → In Progress |
| importance: | Undecided → Medium |
| Jamie Strandboge (jdstrand) wrote | #1 |
| Changed in iptables (Ubuntu): | |
| status: | In Progress → Invalid |
| assignee: | Jamie Strandboge (jdstrand) → nobody |
| importance: | Medium → Undecided |
This appears to be a test environment issue. I was unable to reproduce on my laptop, in Debian sid, in an eoan to focal upgrade and a bionic to focal upgrade. iptables.postinst looks fine too. I'll reopen if I have something more concrete.