diff options
Diffstat (limited to 'nixos/doc/manual/release-notes/rl-2111.section.md')
| -rw-r--r-- | nixos/doc/manual/release-notes/rl-2111.section.md | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index f3644c32832b..310d32cfdd72 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixos/doc/manual/release-notes/rl-2111.section.md @@ -13,6 +13,13 @@ In addition to numerous new and upgraded packages, this release has the followin [Fedora](https://fedoraproject.org/wiki/Changes/iptables-nft-default). This means, `ip[6]tables`, `arptables` and `ebtables` commands will actually show rules from some specific tables in the `nf_tables` kernel subsystem. + In case you're migrating from an older release without rebooting, there might + be cases where you end up with iptable rules configured both in the legacy + `iptables` kernel backend, as well as in the `nf_tables` backend. + This can lead to confusing firewall behaviour. An `iptables-save` after + switching will complain about "iptables-legacy tables present". + It's probably best to reboot after the upgrade, or manually removing all + legacy iptables rules (via the `iptables-legacy` package). - systemd got an `nftables` backend, and configures (networkd) rules in their own `io.systemd.*` tables. Check `nft list ruleset` to see these rules, not |