From f898fde5860cf7b61519fbde0c8152ea888ed491 Mon Sep 17 00:00:00 2001
From: misuzu <bakalolka@gmail.com>
Date: Tue, 28 Apr 2020 16:36:13 +0300
Subject: [PATCH] docs/release-notes: mention iptables switch

---
 .../from_md/release-notes/rl-2111.section.xml      | 14 ++++++++++++++
 nixos/doc/manual/release-notes/rl-2111.section.md  |  4 ++++
 2 files changed, 18 insertions(+)

diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
index 8af8f1dd6437..ba07b60cf684 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
@@ -15,6 +15,12 @@
   <section xml:id="sec-release-21.11-highlights">
     <title>Highlights</title>
     <itemizedlist>
+      <listitem>
+        <para>
+          <literal>iptables</literal> now uses
+          <literal>nf_tables</literal> backend.
+        </para>
+      </listitem>
       <listitem>
         <para>
           PHP now defaults to PHP 8.0, updated from 7.4.
@@ -328,6 +334,14 @@
           nobody/nogroup, which is unsafe.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          Since <literal>iptables</literal> now uses
+          <literal>nf_tables</literal> backend and
+          <literal>ipset</literal> doesn’t support it, some applications
+          (ferm, shorewall, firehol) may have limited functionality.
+        </para>
+      </listitem>
       <listitem>
         <para>
           The <literal>paperless</literal> module and package have been
diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md
index f22a532972be..4f153632b73c 100644
--- a/nixos/doc/manual/release-notes/rl-2111.section.md
+++ b/nixos/doc/manual/release-notes/rl-2111.section.md
@@ -6,6 +6,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 ## Highlights {#sec-release-21.11-highlights}
 
+- `iptables` now uses `nf_tables` backend.
+
 - PHP now defaults to PHP 8.0, updated from 7.4.
 
 - kOps now defaults to 1.21.1, which uses containerd as the default runtime.
@@ -103,6 +105,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 - The `security.wrappers` option now requires to always specify an owner, group and whether the setuid/setgid bit should be set.
   This is motivated by the fact that before NixOS 21.11, specifying either setuid or setgid but not owner/group resulted in wrappers owned by nobody/nogroup, which is unsafe.
 
+- Since `iptables` now uses `nf_tables` backend and `ipset` doesn't support it, some applications (ferm, shorewall, firehol) may have limited functionality.
+
 - The `paperless` module and package have been removed. All users should migrate to the
   successor `paperless-ng` instead. The Paperless project [has been
   archived](https://github.com/the-paperless-project/paperless/commit/9b0063c9731f7c5f65b1852cb8caff97f5e40ba4)