[arch-dev-public] Dropping arptables/ebtables
Hello,

I would like to stop maintaining arptables and ebtables and drop them in [unsupported]. The future in the Linux kernel is clearly nftables, and keeping them present in the repository is of little interest these days.

ebtables is still a hard dependency of other packages, but the iptables-nft package ships a replacement based on nftables. I have not tested the compatibility, so if someone thinks it's not possible, please let me know.

If you have spare time, I suggest you take a look at the nftables package and become a master in nft-fu. It is much more convenient and efficient than the iptables / ipset / ebtables / arptables solution. For the less enthusiastic about the command line, firewalld has an nftables backend.

Regards,

Sébastien "Seblu" Luttringer
On 2020-12-11 10:28:27 (+0100), Sébastien Luttringer via arch-dev-public wrote:
> I would like to stop maintaining arptables and ebtables and drop them in [unsupported]. The future in the Linux kernel is clearly nftables, and keeping them present in the repository is of little interest these days.
> ebtables is still a hard dependency of other packages, but the iptables-nft package ships a replacement based on nftables. I have not tested the compatibility, so if someone thinks it's not possible, please let me know.
I believe kubelet does not work with nftables (yet). There needs to be testing for this. It seems lxd is also affected.
> If you have spare time, I suggest you take a look at the nftables package and become a master in nft-fu. It is much more convenient and efficient than the iptables / ipset / ebtables / arptables solution. For the less enthusiastic about the command line, firewalld has an nftables backend.
I agree. I have been using it on all of my machines for quite some time. Especially in the last two years the upstream wiki documentation has also improved significantly.

Best,
David

--
https://sleepmap.de
On Fri, 2020-12-11 at 10:28 +0100, Sébastien Luttringer wrote:
> The future in the Linux kernel is clearly nftables, and keeping them present in the repository is of little interest these days.
> If you have spare time, I suggest you take a look at the nftables package and become a master in nft-fu. It is much more convenient and efficient than the iptables / ipset / ebtables / arptables solution. For the less enthusiastic about the command line, firewalld has an nftables backend.
For the same motivations and [1], I plan to move ferm to [unsupported].

Regards,

[1] https://github.com/MaxKellermann/ferm/issues/35

--
Sébastien "Seblu" Luttringer
Participants (2): David Runge, Sébastien Luttringer