Revert "iptables: Migrate towards nftables"

author Michael Tremer <michael.tremer@ipfire.org>

Sun, 18 Jan 2026 12:24:59 +0000 (12:24 +0000)

committer Michael Tremer <michael.tremer@ipfire.org>

Sun, 18 Jan 2026 12:26:48 +0000 (12:26 +0000)
author Michael Tremer <michael.tremer@ipfire.org>
Sun, 18 Jan 2026 12:24:59 +0000 (12:24 +0000)
committer Michael Tremer <michael.tremer@ipfire.org>
Sun, 18 Jan 2026 12:26:48 +0000 (12:26 +0000)
diff --git a/config/rootfiles/common/iptables b/config/rootfiles/common/iptables

index fa4ecefed10ad68f29cd845e356dbb9de06c3461..06e4ab7b49908b84691fab40be73cea2902756ee 100644 (file)
--- a/config/rootfiles/common/iptables
+++ b/config/rootfiles/common/iptables
@@ -1,4 +1,3 @@
-etc/ethertypes
  #lib/libip4tc.la
  lib/libip4tc.so
  lib/libip4tc.so.2
@@ -16,23 +15,6 @@ lib/libxtables.so
  lib/libxtables.so.12
  lib/libxtables.so.12.7.0
  #lib/xtables
-lib/xtables/libarpt_mangle.so
-lib/xtables/libebt_802_3.so
-lib/xtables/libebt_among.so
-lib/xtables/libebt_arp.so
-lib/xtables/libebt_arpreply.so
-lib/xtables/libebt_dnat.so
-lib/xtables/libebt_ip.so
-lib/xtables/libebt_ip6.so
-lib/xtables/libebt_log.so
-lib/xtables/libebt_mark.so
-lib/xtables/libebt_mark_m.so
-lib/xtables/libebt_nflog.so
-lib/xtables/libebt_pkttype.so
-lib/xtables/libebt_redirect.so
-lib/xtables/libebt_snat.so
-lib/xtables/libebt_stp.so
-lib/xtables/libebt_vlan.so
  lib/xtables/libip6t_DNPT.so
  lib/xtables/libip6t_HL.so
  lib/xtables/libip6t_NETMAP.so
@@ -139,49 +121,23 @@ lib/xtables/libxt_time.so
  lib/xtables/libxt_tos.so
  lib/xtables/libxt_u32.so
  lib/xtables/libxt_udp.so
-sbin/arptables
-#sbin/arptables-nft
-#sbin/arptables-nft-restore
-#sbin/arptables-nft-save
-sbin/arptables-restore
-sbin/arptables-save
-#sbin/arptables-translate
-sbin/ebtables
-#sbin/ebtables-nft
-#sbin/ebtables-nft-restore
-#sbin/ebtables-nft-save
-sbin/ebtables-restore
-sbin/ebtables-save
-#sbin/ebtables-translate
  sbin/ip6tables
  sbin/ip6tables-apply
  #sbin/ip6tables-legacy
  #sbin/ip6tables-legacy-restore
  #sbin/ip6tables-legacy-save
-#sbin/ip6tables-nft
-#sbin/ip6tables-nft-restore
-#sbin/ip6tables-nft-save
  sbin/ip6tables-restore
-#sbin/ip6tables-restore-translate
  sbin/ip6tables-save
-#sbin/ip6tables-translate
  sbin/iptables
  sbin/iptables-apply
  #sbin/iptables-legacy
  #sbin/iptables-legacy-restore
  #sbin/iptables-legacy-save
-#sbin/iptables-nft
-#sbin/iptables-nft-restore
-#sbin/iptables-nft-save
  sbin/iptables-restore
-#sbin/iptables-restore-translate
  sbin/iptables-save
-#sbin/iptables-translate
  sbin/iptables-xml
  #sbin/nfnl_osf
-#sbin/xtables-legacy-multi
-sbin/xtables-monitor
-sbin/xtables-nft-multi
+sbin/xtables-legacy-multi
  #usr/include/libipq.h
  #usr/include/libiptc
  #usr/include/libiptc/ipt_kernel_headers.h
@@ -208,30 +164,16 @@ sbin/xtables-nft-multi
  #usr/share/man/man3/ipq_set_mode.3
  #usr/share/man/man3/ipq_set_verdict.3
  #usr/share/man/man3/libipq.3
-#usr/share/man/man8/arptables-nft-restore.8
-#usr/share/man/man8/arptables-nft-save.8
-#usr/share/man/man8/arptables-nft.8
-#usr/share/man/man8/arptables-translate.8
-#usr/share/man/man8/ebtables-nft.8
-#usr/share/man/man8/ebtables-translate.8
  #usr/share/man/man8/ip6tables-apply.8
-#usr/share/man/man8/ip6tables-restore-translate.8
  #usr/share/man/man8/ip6tables-restore.8
  #usr/share/man/man8/ip6tables-save.8
-#usr/share/man/man8/ip6tables-translate.8
  #usr/share/man/man8/ip6tables.8
  #usr/share/man/man8/iptables-apply.8
  #usr/share/man/man8/iptables-extensions.8
-#usr/share/man/man8/iptables-restore-translate.8
  #usr/share/man/man8/iptables-restore.8
  #usr/share/man/man8/iptables-save.8
-#usr/share/man/man8/iptables-translate.8
  #usr/share/man/man8/iptables.8
  #usr/share/man/man8/nfnl_osf.8
-#usr/share/man/man8/xtables-legacy.8
-#usr/share/man/man8/xtables-monitor.8
-#usr/share/man/man8/xtables-nft.8
-#usr/share/man/man8/xtables-translate.8
  #usr/share/xtables
  usr/share/xtables/iptables.xslt
  usr/share/xtables/pf.os
diff --git a/lfs/iptables b/lfs/iptables

index 0698137335cfae644be009ea797ff5469842e080..e8c4069d6e849d219bda862bdbf63a4d8f8c1f6c 100644 (file)
--- a/lfs/iptables
+++ b/lfs/iptables
@@ -89,15 +89,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
                 --bindir=/sbin \
                 --sbindir=/sbin \
                 --mandir=/usr/share/man \
-               --sysconfdir=/etc \
-               --enable-nftables \
+               --disable-nftables \
                 --with-pkgconfigdir=/usr/lib/pkgconfig
  
         cd $(DIR_APP) && make $(MAKETUNING)
         cd $(DIR_APP) && make install
  
-       # Use iptables-nft by default
-       ln -svf xtables-nft-multi /sbin/iptables
-
         @rm -rf $(DIR_APP) $(DIR_SRC)/netfilter-layer7*
         @$(POSTBUILD)
author	Michael Tremer <michael.tremer@ipfire.org>
	Sun, 18 Jan 2026 12:24:59 +0000 (12:24 +0000)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Sun, 18 Jan 2026 12:26:48 +0000 (12:26 +0000)
config/rootfiles/common/iptables		patch \| blob \| blame \| history
lfs/iptables		patch \| blob \| blame \| history