testing: Use legacy iptables on Debian buster

The iptables-nft wrapper that uses the nftables framework can't handle
the CLUSTERIP target (plus we'd require nftables in the kernel).

diff --git a/testing/scripts/build-baseimage b/testing/scripts/build-baseimage
index 53bcb9039dba2d54791523444466dfabbc1a4668..459e576824976ac9ff5f794a7b964a9855966058 100755 (executable)
--- a/testing/scripts/build-baseimage
+++ b/testing/scripts/build-baseimage
@@ -135,5 +135,14 @@ do
        execute_chroot "systemctl disable $service"
 done
 
+case "$BASEIMGSUITE" in
+buster)
+       log_action "Switching from iptables-nft to iptables-legacy"
+       execute_chroot "update-alternatives --set iptables /usr/sbin/iptables-legacy" 0
+       execute_chroot "update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy" 0
+       log_status 0
+       ;;
+esac
+
 log_action "Disabling root password"
 execute_chroot "passwd -d root"