File: README.Debian

package info (click to toggle)
ebtables 2.0.11-4
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, bullseye, sid
  • size: 2,144 kB
  • sloc: ansic: 9,451; sh: 4,647; makefile: 61; perl: 45
file content (60 lines) | stat: -rw-r--r-- 2,175 bytes parent folder | download | duplicates (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
nftables & ebtables
===================

nftables is the replacement of ebtables by the Netfilter project.
You are encouraged to migrate now to nftables.

If you are developing a new firewall or network service, then writing a
nftables ruleset from the beginnig should be fine.
If you would like to migrate or translate your previous
iptables/ip6tables/arptables/ebtables rulesets to nftables then keep reading.

There are some tools in place to help you moving from
iptables/ip6tables/arptables/ebtables to nftables, following 2 basic
approaches:

 * command line translation
   (iptables-translate, iptables-restore-translate,
   ip6tables-translate, ip6tables-restore-translate)

 * syntax reuse with nf_tables backend
   (iptables-nft, iptables-nft-restore, iptables-nft-save,
   ip6tables-nft, ip6tables-nft-restore, ip6tables-nft-save,
   arptables-nft, arptables-nft-save, arptables-nft-restore,
   ebtables-nft, ebtables-nft-save, ebtables-nft-restore)

Documentation on how to use these tools can be found at:

 * https://wiki.debian.org/Moving_from_iptables_to_nftables
 * https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables
 * xtables-nft(8) manpage
 * xtables-translate(8) manpage

alternatives
============

The legacy binaries are now installed as:

 * /usr/sbin/ebtables-legacy
 * /usr/sbin/ebtables-legacy-restore
 * /usr/sbin/ebtables-legacy-save

The nft-based tools (tools which accepts the legacy syntax but use the nf_tables
kernel subsystem) are installed as:

 * /usr/sbin/ebtables-nft
 * /usr/sbin/ebtables-nft-restore
 * /usr/sbin/ebtables-nft-save

The ebtables Debian package installs the legacy binaries and the
nft-based tools are installed by the iptables package, giving the nft
version more priority by default in the update-alternatives
system. This means that if you install both packages, you will be using
the nft tools instead of the legacy ones.

Remember, you can change this at runtime using the `update-alternatives`
command.

NOTE: make sure you don't mix ebtables-legacy and ebtables-nft
rulesets in the same machine at the same time just for sanity and to
avoid unexpected behaviours in your network.