Arch Linux now uses the “nft” backend for iptables!

iptables is a Linux utility for configuring filtering rules for the IP protocol, which are implemented as different Netfilter modules. It works as a firewall, applying sets of rules that change how packets are treated.

Arch Linux used to provide two packages for this utility:

  • iptables-nft: This package contains the iptables binary with nft as the backend
  • iptables: This package contains the iptables binary with the legacy backend

The Arch Linux development team has now made nft the default backend for the iptables utility, so the iptables-nft package is now considered a legacy package. A new package, called iptables-legacy, has been created to preserve the legacy behavior.

The official news post gives system administrators instructions for making sure their firewall rules still work. In particular, you’ll need to check your /etc/iptables directory for any of the following .pacsave files:

  • /etc/iptables/iptables.rules.pacsave
  • /etc/iptables/ip6tables.rules.pacsave

If you have any of the above files, you’ll need to restore the rules manually to ensure that they work prior to the upgrade. You can perform the full system upgrade by running pacman -Syu as root.

The developers noted that most configurations should work without changes once the iptables package has been upgraded. However, if you are one of the system administrators who rely on either the uncommon xtables extension or the legacy behavior, you’ll need to uninstall iptables and install iptables-legacy.
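
As an added example (not taken from the Arch announcement or from this post), the script below performs a read-only check for the two .pacsave files listed above and classifies the backend string printed by `iptables --version`. The function names and status words are made up for this example; it changes nothing on disk.

```shell
#!/bin/sh
# Added example: read-only audit of the rules files named in the post.

# pacsave_status [DIR]  (hypothetical helper; DIR defaults to /etc/iptables)
# Prints "<file> <status>" for each rules file, where status is:
#   none      - no .pacsave copy exists
#   orphaned  - .pacsave exists but the live rules file is gone
#   identical - .pacsave matches the live file, nothing to restore
#   differs   - .pacsave differs from the live file, review before restoring
pacsave_status() {
    dir=${1:-/etc/iptables}
    for name in iptables.rules ip6tables.rules; do
        live="$dir/$name"
        saved="$live.pacsave"
        if [ ! -e "$saved" ]; then
            status=none
        elif [ ! -e "$live" ]; then
            status=orphaned
        elif cmp -s "$live" "$saved"; then
            status=identical
        else
            status=differs
        fi
        printf '%s %s\n' "$name" "$status"
    done
}

# backend_of VERSION_LINE  (hypothetical helper)
# Classifies a line printed by `iptables --version`, which ends in
# "(nf_tables)" for the nft backend or "(legacy)" for the legacy one.
backend_of() {
    case "$1" in
        *"(nf_tables)"*) echo nft ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Report on the directory given as the first argument, or /etc/iptables.
pacsave_status "${1:-/etc/iptables}"
if command -v iptables >/dev/null 2>&1; then
    echo "backend: $(backend_of "$(iptables --version 2>/dev/null)")"
fi
```

A status of differs or orphaned means the saved rules are not the ones currently in place, so compare the two files before restoring anything.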
