From: [email protected]
Package: nftables
Version: 1.1.3-1
Severity: important
Dear Maintainer,
During unattended-upgrade from nftables version 1.1.2-1 to 1.1.3-1,
my containers with exposed ports no longer work until I restart them.
It seems that during package upgrade, nftables.postinst tried to
restart nftables.service and executed the command line specified
in ExecStop= directive, which flushed the whole ruleset.
Although nftables rules can be loaded from /etc/nftables.conf via
ExecStart=, all iptables rules were lost and exposed ports for my
containers stopped working.
I didn't expect the whole ruleset to be flushed during a package upgrade,
as that breaks all applications maintaining iptables rules at runtime.
-- System Information:
Debian Release: 13.0
APT prefers testing-security
APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)
Versions of packages nftables depends on:
ii libc6 2.41-9
ii libedit2 3.1-20250104-1
ii libnftables1 1.1.3-1
Versions of packages nftables recommends:
ii netbase 6.5
Versions of packages nftables suggests:
pn firewalld <none>
-- no debconf information
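A pre-upgrade check for the failure described in the report above, as an added example that is not part of the original report or of the nftables package: it tests whether a unit's ExecStop= flushes the ruleset and lists the live tables that the config file would not restore. The unit text, table listing and config are constructed samples, the function names are hypothetical, and include files in the config are not followed.

```shell
#!/bin/sh
# Added example; all SAMPLE_* inputs are constructed, not taken from the report.
# On a live host, feed real data instead:
#   unit=$(systemctl cat nftables.service); live=$(nft list tables)
#   conf=$(cat /etc/nftables.conf); report "$unit" "$live" "$conf"

SAMPLE_UNIT='[Service]
ExecStart=/usr/sbin/nft -f /etc/nftables.conf
ExecStop=/usr/sbin/nft flush ruleset'

# Constructed listing: "ip nat" and "ip filter" stand for tables created at
# runtime through the iptables interface by a container engine.
SAMPLE_LIVE='table inet filter
table ip nat
table ip filter'

SAMPLE_CONF='#!/usr/sbin/nft -f
flush ruleset
table inet filter {
    chain input { type filter hook input priority filter; }
}'

# Succeeds if the unit text has an ExecStop= line that flushes the whole ruleset.
unit_flushes_on_stop() {
    printf '%s\n' "$1" | grep -Eq '^ExecStop=.*nft.*flush[[:space:]]+ruleset'
}

# Print "family name" per table; a table declared without a family defaults to ip.
list_tables() {
    printf '%s\n' "$1" | awk '$1 == "table" {
        if (NF == 2 || $3 == "{") print "ip", $2; else print $2, $3 }' | sort -u
}

# Live tables absent from the config: a flush followed by a reload drops them.
tables_lost_on_restart() {
    live=$(list_tables "$1")
    conf=$(list_tables "$2")
    printf '%s\n' "$live" | while read -r fam name; do
        [ -n "$fam" ] || continue
        printf '%s\n' "$conf" | grep -qxF "$fam $name" || printf '%s %s\n' "$fam" "$name"
    done
}

report() {
    if unit_flushes_on_stop "$1"; then
        echo "ExecStop flushes the ruleset; tables not restored by the config:"
        tables_lost_on_restart "$2" "$3"
    else
        echo "ExecStop does not flush the ruleset"
    fi
}
report "$SAMPLE_UNIT" "$SAMPLE_LIVE" "$SAMPLE_CONF"
```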