From 9867b7a52c288c6da1ce3384ab5d196fa4fb7975 Mon Sep 17 00:00:00 2001
From: Maciej Delmanowski
Date: Mon, 29 Nov 2021 13:03:28 +0100
Subject: [PATCH] [ferm] Change default iptables backend to 'legacy'

(cherry picked from commit 0ec281248b727cb444257bccca1839657937ada6)
(cherry picked from commit 433c3f274d98e58a2c9d5c1992e02d0f58d709a3)
(cherry picked from commit 0fe03203ae9f0673780ba6a1f5309ad6a497d261)
---
 CHANGELOG.rst | 8 ++++++++
 ansible/roles/ferm/defaults/main.yml | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 61cb9f85bf..7c791406d6 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -73,6 +73,14 @@ Continuous Integration
 change. You might need to update your Ansible inventory to select the correct
 backend.
+- The default backend for :command:`iptables` is changed to ``legacy`` on newer
+ OS releases, because `there's no plans`__ to support :command:`nftables`
+ backend by the :command:`ferm` project. You might want to check if the
+ firewall configuration is correctly applied after running the role against
+ already configured hosts.
+
+ .. __: https://github.com/MaxKellermann/ferm/issues/47
+
 :ref:`debops.pki` role
 ''''''''''''''''''''''
diff --git a/ansible/roles/ferm/defaults/main.yml b/ansible/roles/ferm/defaults/main.yml
index d36be131bf..8d28316d30 100644
--- a/ansible/roles/ferm/defaults/main.yml
+++ b/ansible/roles/ferm/defaults/main.yml
@@ -62,7 +62,7 @@ ferm__iptables_backend_enabled: '{{ False
 #
 # Ferm does not support nftables backend, therefore the legacy variant is
 # enabled by default.
-ferm__iptables_backend_type: 'nft'
+ferm__iptables_backend_type: 'legacy'
 # ]]]
 # .. envvar:: ferm__base_packages [[[
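Review bot: The new default `ferm__iptables_backend_type: 'legacy'` in `ansible/roles/ferm/defaults/main.yml` also applies to hosts that were previously configured with `'nft'`, and nothing visible in this hunk deals with the rules already loaded through the old backend. The nft and legacy variants of iptables keep separate rule sets, so after the switch a host may still enforce stale rules from the previous backend next to the ones ferm now writes; whether the role's tasks flush the old backend is not visible here, and the `ferm__iptables_backend_enabled` expression is cut off above the hunk. The changelog entry mentions checking the result, but the variable's own comment does not, so I would extend it with `# Switching the backend on a configured host does not remove rules loaded via` / `# the previous one; compare 'iptables-legacy-save' and 'iptables-nft-save'.`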