#68 Disable legacy iptables support
Merged 2 years ago by zbyszek. Opened 2 years ago by dcavalca.
rpms/ dcavalca/systemd libiptc  into  rawhide

file modified
+5 -2
@@ -31,7 +31,7 @@ 

  Url:            https://www.freedesktop.org/wiki/Software/systemd

  %if %{without inplace}

  Version:        249.7

- Release:        2%{?dist}

+ Release:        3%{?dist}


  # determine the build information from local checkout

  Version:        %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')
@@ -460,7 +460,7 @@ 




-         -Dlibiptc=true

+         -Dlibiptc=false



@@ -1010,6 +1010,9 @@ 

  %files standalone-sysusers -f .file-list-standalone-sysusers



+ * Fri Nov 19 2021 Davide Cavalca <dcavalca@fedoraproject.org> - 249.7-3

+ - Disable legacy iptables support


  * Mon Nov 15 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 249.7-2

  - Supress errors from update-helper when selinux is enabled (see #2023332)


Fedora has shipped iptables-nft as the default since F32 (https://fedoraproject.org/wiki/Changes/iptables-nft-default). As discussed with @anitazha, this should disable the dependency on the legacy libiptc in systemd and make it prefer the nftables backend instead. This mostly just impacts IPMasquerade= in systemd.network configs and systemd-nspawn --port.

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci

Yeah, I think we should do this. There was a bug open previously with a similar request, https://bugzilla.redhat.com/show_bug.cgi?id=1934638. More time has passed, and it'll be even longer before F36 is released.

Pull-Request has been merged by zbyszek

2 years ago