https://bugzilla.suse.com/show_bug.cgi?id=1231424
https://bugzilla.suse.com/show_bug.cgi?id=1231424#c5

Danish Prakash <danish.prakash@suse.com> changed:

Flags removed: needinfo?(danish.prakash@suse.com)

--- Comment #5 from Danish Prakash <danish.prakash@suse.com> ---
(In reply to Alexandre Vicenzi from comment #4)

We can set NETAVARK_DEFAULT_FW and require nftables-related package, this should ensure Tumbleweed netavark backend is nftables. iiuc, `iptables-backend-nft` seems to be the hybrid compat solution helping transitioning users from iptables to nftables. SP3[1] switched to nftables as the default firewalld backend but that link re: openSUSE nftables shared earlier[2] doesn't definitively say that nftables indeed is the default on all openSUSE flavors. We should move to setting nftables if we can confirm this.

Yes, I think we should load both ip_tables and ip6_tables, specially on SLE-15, not sure if we can remove that from Tumbleweed since netavark would default to nftables. A conditional require on nftables doesn't sound too bad iff we can ascertain that openSUSE has nftables (I'm still a little skeptical)

Danish, can we move the module load config to CNI and netavark packages? Either package installed would ensure it is being loaded. Or does Podman need iptables for something else? I'm unsure if podman needs it for anything other than CNI, but I was referencing podman's upstream rpm spec, which seems to load ip* modules. I'll check with upstream if there's any other reason to do so.

[1] - https://www.suse.com/support/kb/doc/?id=000020643
[2] - https://progress.opensuse.org/news/112