hi, since a while ago firewalld, the default firewall tool on TW, switched to nftables. Sadly not all tools followed that switch so now you can run into the situation that you have a perfectly configured firewalld firewall but you traffic still doesnt work, because there is a parallel iptables firewall. ARGH! to make it easier to switch over all tools without having to have a new chain of `%if 0%{?suse_version}` cascades for this, we set up the macro default_firewall_backend in TW, ALP/SLFO and SLE 15.x that should make it easy to have one spec file that can adapt to prefer one of the other depending on the distro. to take an example from the libvirt package: ``` %if 0%{?suse_version} > 1500 %define prefer_nftables 1 %define firewall_backend_priority nftables,iptables %else %define prefer_nftables 0 %define firewall_backend_priority iptables,nftables %endif ``` we can now rewrite this to: ``` %if "%{?default_firewall_backend}" == "nftables" %define prefer_nftables 1 %define firewall_backend_priority nftables,iptables %else %define prefer_nftables 0 %define firewall_backend_priority iptables,nftables %endif ``` if you only care about BuildRequires or some configure option you can of course directly use: ``` BuildRequires: %{default_firewall_backend} [snip] %build %configure --with-firewall-backend=%{default_firewall_backend} ``` hth darix -- Always remember: Never accept the world as it appears to be. Dare to see it for what it could be. The world can always use more heroes.