firewall: change default for firewall-backend to "nftables""
It seems that the nftables backend works well. Let's change the default.
This will also be backported to nm-1-32 branch, for 1.32.0 release.
This reverts commit 0609f1f31c.
parent
be4b997e4f
commit
79d9441567
4
NEWS
4
NEWS
|
@ -27,7 +27,9 @@ USE AT YOUR OWN RISK. NOT RECOMMENDED FOR PRODUCTION USE!
|
|||
This allows to configure devices in udev for which DHCPOFFER messages are to be
|
||||
broadcast.
|
||||
* firewall: add nftables firewall backend for configuring IPv4 NAT with shared
|
||||
mode.
|
||||
mode. Now two backends are supported, "iptables" and "nftables". The default
|
||||
gets detected based on whether /usr/sbin/nft or /usr/sbin/iptables is installed,
|
||||
with nftables preferred.
|
||||
* ethtool: add support for pause settings.
|
||||
* Support "prohibit"/"blackhole"/"unreachable" type routing rules.
|
||||
* Now NetworkManager preserves by default the existing traffic control
|
||||
|
|
|
@ -738,9 +738,12 @@ nm_firewall_config_apply(NMFirewallConfig *self, gboolean shared)
|
|||
static NMFirewallBackend
|
||||
_firewall_backend_detect(void)
|
||||
{
|
||||
/* For the moment, we still default to iptables. This should
|
||||
* change once nftables is proven to work well. */
|
||||
return NM_FIREWALL_BACKEND_IPTABLES;
|
||||
if (g_file_test(NFT_PATH, G_FILE_TEST_IS_EXECUTABLE))
|
||||
return NM_FIREWALL_BACKEND_NFTABLES;
|
||||
if (g_file_test(IPTABLES_PATH, G_FILE_TEST_IS_EXECUTABLE))
|
||||
return NM_FIREWALL_BACKEND_IPTABLES;
|
||||
|
||||
return NM_FIREWALL_BACKEND_NFTABLES;
|
||||
}
|
||||
|
||||
NMFirewallBackend
|
||||
|
|
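Review bot: The final `return NM_FIREWALL_BACKEND_NFTABLES;` in `_firewall_backend_detect()` picks nftables even when neither `NFT_PATH` nor `IPTABLES_PATH` is executable, and nothing in the hunk marks that result as a fallback rather than a detection. The two `g_file_test()` checks only show that a binary exists and is executable at a fixed path, not that the kernel will accept nf_tables rules. On a host where `nft` is installed but unusable, the shared-mode NAT rules would presumably fail to apply where the old iptables default worked; whether that failure is reported is not visible here. The removed comment should be replaced by one stating the order, for example `/* Prefer nftables if NFT_PATH is executable, then iptables; if neither is found, fall back to nftables. */`. Logging the selected backend once would also let an administrator see which ruleset now holds NetworkManager's rules, but the caller that would do this lies outside the hunk.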