iptables: use nft backend with libnftnl PACKAGECONFIG

Currently, when the libnftnl (part of meta-networking) PACKAGECONFIG is enabled for iptables, both legacy and nft-based binaries are built and installed in the image. However, the "iptables" symlink in this case still points to xtables-legacy-multi, rather than xtables-nft-multi. This patch adds a conditional check to replace the symlink to point to the latter if iptables is built with libnftnl support, which is consistent with other major distros (e.g. Fedora). The "iptables-legacy" symlink remains present and unmodified. (From OE-Core rev: bc41682ab2a259b7bc6a56fa3ba42907f4c8bf25) Signed-off-by: tgamblin <trevor.gamblin@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-04-26 00:32:12 +02:00 · 2022-03-17 15:22:27 -04:00
parent 547cf5b820
commit 6869c34df8
1 changed files with 5 additions and 0 deletions
--- a/meta/recipes-extended/iptables/iptables_1.8.7.bb
+++ b/meta/recipes-extended/iptables/iptables_1.8.7.bb
@@ -66,6 +66,11 @@ do_install:append() {
            -e 's,@RULESDIR@,${IPTABLES_RULES_DIR},g' \
            ${D}${systemd_system_unitdir}/ip6tables.service
    fi
+
+    # if libnftnl is included, make the iptables symlink point to the nft-based binary by default
+    if ${@bb.utils.contains('PACKAGECONFIG', 'libnftnl', 'true', 'false', d)} ; then
+        ln -sf ${sbindir}/xtables-nft-multi ${D}${sbindir}/iptables 
+    fi
 }

 PACKAGES =+ "${PN}-modules ${PN}-apply"