From 94eebc9c2cdb912169089d291f1f4326bc8cfee6 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Mon, 24 Aug 2020 16:14:07 +0200 Subject: [PATCH] testing: Use legacy iptables on Debian buster The iptables-nft wrapper that uses the nftables framework can't handle the CLUSTERIP target (plus we'd require nftables in the kernel). --- testing/scripts/build-baseimage | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/testing/scripts/build-baseimage b/testing/scripts/build-baseimage index 53bcb9039d..459e576824 100755 --- a/testing/scripts/build-baseimage +++ b/testing/scripts/build-baseimage @@ -135,5 +135,14 @@ do execute_chroot "systemctl disable $service" done +case "$BASEIMGSUITE" in +buster) + log_action "Switching from iptables-nft to iptables-legacy" + execute_chroot "update-alternatives --set iptables /usr/sbin/iptables-legacy" 0 + execute_chroot "update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy" 0 + log_status 0 + ;; +esac + log_action "Disabling root password" execute_chroot "passwd -d root" -- 2.47.2