Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/doc: improve release notes for iptables-nft and systemd with nftables backend #161426

Merged
merged 1 commit into from
Feb 24, 2022
Merged

nixos/doc: improve release notes for iptables-nft and systemd with nftables backend #161426

merged 1 commit into from
Feb 24, 2022

Conversation

flokli
Copy link
Contributor

@flokli flokli commented Feb 22, 2022

This change probably wasn't documented sufficiently in the release
notes, neither the fact systemd stopped using iptables on its own in
case of nf_tables support.

Fixes #156041.

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.05 Release Notes (or backporting 21.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@flokli
nixos/doc: improve release notes for iptables-nft and systemd with nf…
753a43c 
…tables backend

This change probably wasn't documented sufficiently in the release
notes, neither the fact systemd stopped using iptables on its own in
case of nf_tables support.

Fixes NixOS#156041.
@flokli flokli mentioned this pull request Feb 22, 2022
Closed
@flokli flokli mentioned this pull request Feb 22, 2022
Open
@flokli flokli merged commit 6ebc6ca into NixOS:master Feb 24, 2022
jonringer
jonringer approved these changes Feb 24, 2022
View reviewed changes
Copy link
Contributor

@jonringer jonringer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Result of nixpkgs-review pr 161426 run on x86_64-linux 1

2 packages blacklisted:
  • nixos-install-tools
  • tests.nixos-functions.nixos-test

@flokli flokli deleted the rl-2111-nftables branch February 24, 2022 16:22
@github-actions github-actions bot mentioned this pull request Feb 24, 2022
Merged
1 task
@github-actions
Copy link
Contributor

Successfully created backport PR #161682 for release-21.11.

flokli added a commit to flokli/nixpkgs that referenced this pull request Mar 9, 2022
@flokli
nixos/doc: update rl-2111 w.r.t. iptables-nft migration
788abdb 
Follow-up on NixOS#161426.

Explain why having legacy iptables rules installed can lead to confusing
firewall behaviour, and provide some guidance on how to fix this.
@flokli flokli mentioned this pull request Mar 9, 2022
Merged
13 tasks
github-actions bot pushed a commit that referenced this pull request Mar 12, 2022
@flokli @github-actions
nixos/doc: update rl-2111 w.r.t. iptables-nft migration
03dab6b 
Follow-up on #161426.

Explain why having legacy iptables rules installed can lead to confusing
firewall behaviour, and provide some guidance on how to fix this.

(cherry picked from commit 788abdb)
yayayayaka pushed a commit to yayayayaka/nixpkgs that referenced this pull request May 1, 2022
@flokli @yayayayaka
nixos/doc: update rl-2111 w.r.t. iptables-nft migration
0c0f94d 
Follow-up on NixOS#161426.

Explain why having legacy iptables rules installed can lead to confusing
firewall behaviour, and provide some guidance on how to fix this.

(cherry picked from commit 788abdb)
awake-bot pushed a commit to awakesecurity/nixpkgs that referenced this pull request Jul 11, 2023
@flokli @jsoo1
nixos/doc: update rl-2111 w.r.t. iptables-nft migration
8461a2f 
Follow-up on NixOS#161426.

Explain why having legacy iptables rules installed can lead to confusing
firewall behaviour, and provide some guidance on how to fix this.

(cherry picked from commit 788abdb)
jsoo1 pushed a commit to awakesecurity/nixpkgs that referenced this pull request Jul 12, 2023
@flokli @jsoo1
nixos/doc: update rl-2111 w.r.t. iptables-nft migration
893aaaa 
Follow-up on NixOS#161426.

Explain why having legacy iptables rules installed can lead to confusing
firewall behaviour, and provide some guidance on how to fix this.

(cherry picked from commit 788abdb)
jsoo1 pushed a commit to awakesecurity/nixpkgs that referenced this pull request Jul 13, 2023
@flokli @jsoo1
nixos/doc: update rl-2111 w.r.t. iptables-nft migration
2276aea 
Follow-up on NixOS#161426.

Explain why having legacy iptables rules installed can lead to confusing
firewall behaviour, and provide some guidance on how to fix this.

(cherry picked from commit 788abdb)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonringer jonringer jonringer approved these changes

@c0bw3b c0bw3b c0bw3b approved these changes

@fpletz fpletz Awaiting requested review from fpletz

@misuzu misuzu Awaiting requested review from misuzu

@andir andir Awaiting requested review from andir

@datafoo datafoo Awaiting requested review from datafoo

Assignees
No one assigned
Labels
6.topic: nixos 8.has: changelog 8.has: documentation 10.rebuild-darwin: 0 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Cannot see iptables masquerade rule set by systemd since 21.11
3 participants
@flokli @jonringer @c0bw3b