Firewalld Default Backend Change from iptables to nftables
This document (000020643) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Linux Enterprise Server 15 SP3
Situation
As of SLES 15 SP3, the default backend for firewalld has changed from iptables to nftables:
https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15-SP3/index.html#jsc-SLE-16300
https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15-SP3/index.html#jsc-SLE-16300
Resolution
The default backend for firewalld is now nftables. There are a few options for mitigating disruption during the transition.
The iptables-nft utility
The "iptables-nft" command can be used to run the iptables equivalent commands while using the nftables API.Change Default Backend
If necessary the backend can be switched back to iptables with the "FirewallBackend" value in the "/etc/firewalld/firewalld.conf":FirewallBackend=iptablesRestart the service after modifying the configuration file to make the change:
systemctl restart firewalld
Cause
The upstream firewalld has been focusing its backend development on nftables due to several reasons that are explained here:
https://firewalld.org/2018/07/nftables-backend
https://firewalld.org/2018/07/nftables-backend
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000020643
- Creation Date: 21-Apr-2022
- Modified Date:27-Apr-2022
-
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com
