3.0 - removing iptables from host is also removing lxc* lxc-utils* lxctl* despite nft present

Host: Ubuntu bionic

Having made the transition to nft it is now warranted to purge ipt from the system. However, that exercise came to a sudden stop when being notified upon apt purge iptables:

The following packages will be REMOVED
  ipset* iptables* lxc* lxc-utils* lxctl*

Is this dependency of LXC instigated by upstream or perhaps at downstream, albeit the latter is not listing such a dependency?

Why would LXC be single-minded about nf userspace tools and neglect nft? This seems some grave bug.

All the packages above directly interact with the “old” iptables/ip6tables/ebtables commands; removing them from the system would break those packages, so it’s perfectly reasonable for the package manager to tell you exactly that.

Now even if we did support nftables in LXC and LXD, this still wouldn’t help you as we can’t actually make use of nftables until it’s reviewed for security and has a LTS commitment from Canonical (is promoted to main). Until such time, LXC and LXD cannot depend or recommend it at the packaging level, even if we did add support for it in the upstream code.

removing them from the system would break those packages

Well, I got LXC working/interacting with nft rules only and no issues/breaking LXC.

Even if LXC is not (yet) supporting nft it could provide an option to let the user remove ipt if so desired, at the user’s risk/expense. LXC seems to be the only app currently on the system preventing the removal of ipt.
It is perhaps not a big bother though, just that I prefer to keep my boxes tidy and remove anything not essential for operations.


until it’s reviewed for security and has a LTS commitment from Canonical (is promoted to main)

Seems I am not up to speed - having thought that nft is more mature and past security clearance, being available upstream since Linux kernel 3.13.