From: Tobias Brunner Date: Mon, 24 Aug 2020 14:14:07 +0000 (+0200) Subject: testing: Use legacy iptables on Debian buster X-Git-Tag: 5.9.1dr1~21^2~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=94eebc9c2cdb912169089d291f1f4326bc8cfee6;p=thirdparty%2Fstrongswan.git testing: Use legacy iptables on Debian buster The iptables-nft wrapper that uses the nftables framework can't handle the CLUSTERIP target (plus we'd require nftables in the kernel). --- diff --git a/testing/scripts/build-baseimage b/testing/scripts/build-baseimage index 53bcb9039d..459e576824 100755 --- a/testing/scripts/build-baseimage +++ b/testing/scripts/build-baseimage @@ -135,5 +135,14 @@ do execute_chroot "systemctl disable $service" done +case "$BASEIMGSUITE" in +buster) + log_action "Switching from iptables-nft to iptables-legacy" + execute_chroot "update-alternatives --set iptables /usr/sbin/iptables-legacy" 0 + execute_chroot "update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy" 0 + log_status 0 + ;; +esac + log_action "Disabling root password" execute_chroot "passwd -d root"