docs/release-notes: mention iptables switch

2020-04-28 16:36:13 +03:00 · 2020-04-28 16:36:13 +03:00 · f898fde586
commit f898fde586
parent f8235a5981
2 changed files with 18 additions and 0 deletions
--- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
@ -15,6 +15,12 @@
  <section xml:id="sec-release-21.11-highlights">
    <title>Highlights</title>
    <itemizedlist>
+      <listitem>
+        <para>
+          <literal>iptables</literal> now uses
+          <literal>nf_tables</literal> backend.
+        </para>
+      </listitem>
      <listitem>
        <para>
          PHP now defaults to PHP 8.0, updated from 7.4.
@ -328,6 +334,14 @@
          nobody/nogroup, which is unsafe.
        </para>
      </listitem>
+      <listitem>
+        <para>
+          Since <literal>iptables</literal> now uses
+          <literal>nf_tables</literal> backend and
+          <literal>ipset</literal> doesn’t support it, some applications
+          (ferm, shorewall, firehol) may have limited functionality.
+        </para>
+      </listitem>
      <listitem>
        <para>
          The <literal>paperless</literal> module and package have been
--- a/nixos/doc/manual/release-notes/rl-2111.section.md
+++ b/nixos/doc/manual/release-notes/rl-2111.section.md
@ -6,6 +6,8 @@ In addition to numerous new and upgraded packages, this release has the followin

 ## Highlights {#sec-release-21.11-highlights}

+- `iptables` now uses `nf_tables` backend.
+
 - PHP now defaults to PHP 8.0, updated from 7.4.

 - kOps now defaults to 1.21.1, which uses containerd as the default runtime.
@ -103,6 +105,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 - The `security.wrappers` option now requires to always specify an owner, group and whether the setuid/setgid bit should be set.
  This is motivated by the fact that before NixOS 21.11, specifying either setuid or setgid but not owner/group resulted in wrappers owned by nobody/nogroup, which is unsafe.

+- Since `iptables` now uses `nf_tables` backend and `ipset` doesn't support it, some applications (ferm, shorewall, firehol) may have limited functionality.
+
 - The `paperless` module and package have been removed. All users should migrate to the
  successor `paperless-ng` instead. The Paperless project [has been
  archived](https://github.com/the-paperless-project/paperless/commit/9b0063c9731f7c5f65b1852cb8caff97f5e40ba4)