[systemd-devel] [HEADSUP] nspawn/networkd: moving from iptables to nftables

[Daniel Mack]

On 06/01/2015 10:11 PM, Ian Pilcher wrote:
> Is this going to make nspawn/networkd fundamentally incompatible with
> distributions that use iptables-based tools (such as firewalld)?

No, nftables and iptables can peacefully coexist. With nftables though,
systemd can have a table of its own, and hence clearly separate its
rules from such installed by other parts of the OS.

The only heads-up here is that for masquerading support in nftables, the
host kernel needs to be >= v3.18 and have the appropriate modules enabled.


Thanks,
Daniel