23rd Nov, 2019, 08:04 PM
This is just something I want to share since it affects the security of your Raspberry Pi and probably your LAN too...
I found out after upgrading to Buster that iptables was no longer working.
(I am using iptables in combination with fail2ban)
It seems that by default it has been changed to nft (iptables-nft) in Buster.
Fortunately you can still use the 'old' iptables (or you can decide to use and reconfigure stuff with nft).
This shows the available options:
# update-alternatives --list iptables
/usr/sbin/iptables-legacy
/usr/sbin/iptables-nft
With the following command you can choose the legacy (old) iptables by selecting 1:
# update-alternatives --config iptables
There are 2 choices for the alternative iptables (providing /usr/sbin/iptables).
  Selection    Path                       Priority   Status
------------------------------------------------------------
  0            /usr/sbin/iptables-nft      20        auto mode
* 1            /usr/sbin/iptables-legacy   10        manual mode
  2            /usr/sbin/iptables-nft      20        manual mode
Press <enter> to keep the current choice[*], or type selection number: 1
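
A way to check the situation described in the post above without the interactive menu, as an added example that is not part of the original post: it reports which backend the `iptables` command is using and whether rules sit in the other backend, where `iptables -L` will not show them. The function names are hypothetical, the sample text is constructed, and it assumes the `iptables-legacy-save` and `iptables-nft-save` binaries shipped with the Buster iptables package are present.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample text is constructed.

# Classify the backend from `iptables --version` output.
backend_from_version() {
    case "$1" in
        *"(nf_tables)"*) echo nft ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;  # no backend suffix in the string
    esac
}

# Selected path from `update-alternatives --query iptables` output.
selected_alternative() {
    printf '%s\n' "$1" | sed -n 's/^Value: //p' | head -n 1
}

# Number of rules ("-A ..." lines) in iptables-save style output.
count_rules() {
    printf '%s\n' "$1" | grep -c '^-A ' || true
}

# Flag rules living in the backend that `iptables` does not manage.
verdict() {  # args: active-backend legacy-rule-count nft-rule-count
    if [ "$1" = nft ] && [ "$2" -gt 0 ]; then echo rules-in-legacy
    elif [ "$1" = legacy ] && [ "$3" -gt 0 ]; then echo rules-in-nft
    else echo ok
    fi
}

# Constructed samples of the two command outputs parsed above.
SAMPLE_QUERY='Name: iptables
Link: /usr/sbin/iptables
Status: manual
Best: /usr/sbin/iptables-nft
Value: /usr/sbin/iptables-legacy'
SAMPLE_SAVE='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-sshd -j RETURN
COMMIT'

# Live check (run as root): sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    active=$(backend_from_version "$(iptables --version)")
    l=$(count_rules "$(iptables-legacy-save 2>/dev/null)")
    n=$(count_rules "$(iptables-nft-save 2>/dev/null)")
    echo "selected: $(selected_alternative "$(update-alternatives --query iptables)")"
    echo "backend=$active legacy_rules=$l nft_rules=$n verdict=$(verdict "$active" "$l" "$n")"
fi
```

The non-interactive equivalent of choosing selection 1 is `update-alternatives --set iptables /usr/sbin/iptables-legacy`.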