iptables, iptables-legacy, nft & buster

[t3chn0m4g3]

While moving T-Pot from Ubuntu towards Debian (Buster, Sid, testing, unstable) I noticed, that typical iptables rules on the host (necessary to accept services not destined for glutton) stopped working to have effect once glutton started. At first I thought that nft was the root cause, but glutton actually needs rules to be setup by iptables-legacy to ensure other services are not blocked. ATM I am expecting even that will stop working with regard to nft. On startup glutton automagically is setting up iptables raw rules which I think might be part of the situation at hand. Setting up glutton to ignore ports destined for other services did not work in my case. For now I have a workaround with iptables-legacy, however this will probably not work for long, since nft is around the corner. Any suggestions?

[glaslos]

Switch Glutton to nftables?

[glaslos]

I'm working on a new "backend" for Glutton that should make the iptables rules much more considerate.

[t3chn0m4g3]

Awesome!

[glaslos]

@t3chn0m4g3 I assume we still need to switch from iptables to nft?

[t3chn0m4g3]

@glaslos 🎉