Debian 10: How can I disable nftables and continue to use IPTables only?

debian iptables firewall port-forwarding nftables

6,979

Solution 1

At least for Debian 10 this should work:

update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
update-alternatives --set arptables /usr/sbin/arptables-legacy
update-alternatives --set ebtables /usr/sbin/ebtables-legacy

Solution 2

For anyone who might find this, I tried the solution above, but had a further issue after running update-alternatives where I got this error:

update-alternatives: error: alternative /usr/sbin/iptables-legacy for iptables not registered; not setting

The solution was to manually add it as an alternative:

sudo update-alternatives \
--install /usr/sbin/iptables iptables /usr/sbin/iptables-legacy 10 \
--slave /usr/sbin/iptables-restore iptables-restore /usr/sbin/iptables-legacy-restore \
--slave /usr/sbin/iptables-save iptables-save /usr/sbin/iptables-legacy-save

6,979

Author by

manifestor

Updated on September 18, 2022

Comments

manifestor over 1 year

I just installed a new Debian 10 and realized that both nftables and iptables are active and somehow my IPTables rules get mixed up and don't work properly.

How can I completely disable nftables and use IPTables-only instead?
- Michael Hampton almost 4 years
  
  iptables is deprecated and going away. If you have iptables rules, they should have been automatically copied to the corresponding nft tables. We are all going to have to learn nftables; you may as well start now.