Commits on Jan 25, 2022

1. defaults: Look for iptables-nft if iptables binary not found …

   For systems switching to nftables, the iptables-nft binary can be used as a
   compatibility layer for applications relying on iptables. Not every
   distribution (notably OpenWrt) installs a symlink from iptables-nft to
   iptables, though, so add a fallback check for iptables-nft if we can't find
   iptables itself.
   
   Both binaries can be present on the same system simultaneously, so we can't
   really infer anything from their presence. In the interest of not breaking
   existing setups, prefer the regular 'iptables' binary over 'iptables-nft'.
   
   Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>

   

   tohojo committed Jan 25, 2022
   Copy the full SHA

   5463adb View commit details

   Browse the repository at this point in the history

2. functions: Add verify_iptables to explicitly check if iptables is found …

   Add a new function to explicitly check if we found an iptables binary on
   startup; and call this from simple.qos so we can error out when this
   happens.
   
   Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>

   

   tohojo committed Jan 25, 2022
   Copy the full SHA

   9323c3a View commit details

   Browse the repository at this point in the history

3. openwrt: Default to iptables-nft …

   OpenWrt is moving to using nftables by default, but the 'iptables' binary
   is likely to stick around for a while. So add a platform-specific
   preference for using iptables-nft (if it exists). We'll still fall back to
   'iptables' if 'iptables-nft' is not installed on the system, and we'll
   still get the warning if neither exists and simple.qos is used.
   
   Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>

   

   tohojo committed Jan 25, 2022
   Copy the full SHA

   350432d View commit details

   Browse the repository at this point in the history