Remove iptables package #197
Podman 6.0 won't support iptables anymore. It's a good opportunity to remove iptables from machine-os too.

This is a follow-up of
- containers/netavark#1353
- containers/podman#27555

and related to https://issues.redhat.com/browse/RUN-3723

Signed-off-by: Mario Loriedo <[email protected]>
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: l0rd The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Note this here was never added for WSL but rather because end users wanted to use iptables inside the containers and without the module being loaded on the host that won't work, containers/podman#25153

I don't mind the removal per se, I think 6.0 is a good timing but maybe we should try to find out if users still need it. Overall this "costs" us nothing to keep as long as Fedora keeps building kernels with these modules so if we know of users I think keeping this is best.

@ankudinov you reported the original issue, do you still require iptables support inside the containers?
@Luap99 and @l0rd If this "cost nothing", I'd appreciate if we keep legacy iptables. The reality is complex and not every container running on Podman will be up to date. Our use case is running containerized network OS (Arista cEOS-lab) which was heavily relying on iptables until recently, while we have ongoing work to switch to nftables and recent images should be fine, we still have plenty of legacy images in the field. Also lab / dev environments can bring a lot of surprises.

@Luap99 Thank you for asking. One reason I love Podman so much is that I can always tell a network engineer (that knows nothing about the kernel) - Podman just works! And avoid building custom machine. You are the best guys!
Thank you @ankudinov for your feedback. Let me close this PR then.
| openssh-server | ||
| cifs-utils | ||
| nfs-utils-coreos | ||
| iptables-nft |
I think we can still remove this package install though. If people are using it inside the container they won't need the package on the host.
| # TODO (6.0): consider removing this in a major release where we can justify | ||
| # removing legacy modules. |
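Review bot: the TODO in these two comment lines says only to "consider removing this" in a major release and gives no reason why the legacy modules are loaded. Add the reason from the thread (users running iptables inside containers, containers/podman#25153) or a link to it, so the modules are not dropped later without checking for remaining users.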
We might want to update the comment then, maybe just link to my comment on the PR.
Ok, PR updated and reopened. With only the package removed and the comment updated.
GitHub doesn't let me reopen the PR because I force-pushed the branch while it was closed.
Podman 6.0 no longer supports iptables. It's a good opportunity to remove iptables from machine-os too.
This is a follow-up of
And related to https://issues.redhat.com/browse/RUN-3723
We should wait for containers/podman#27555 to be merged before merging this one (WSL machine e2e tests are currently configured to use iptables).