From 0609f1f31c48271b583a36bddfa12093d1fdc8df Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Fri, 14 May 2021 11:46:54 +0200
Subject: [PATCH] firewall: for now always default firewall-backend to
 "itables"

ntables backend is not yet well tested. Don't flip the default yet
but for now always use iptables.

Once nftables is shown to work well, revert this patch.
---
 src/core/nm-firewall-utils.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/core/nm-firewall-utils.c b/src/core/nm-firewall-utils.c
index cc342b3f22..f5c02f90a5 100644
--- a/src/core/nm-firewall-utils.c
+++ b/src/core/nm-firewall-utils.c
@@ -738,12 +738,9 @@ nm_firewall_config_apply(NMFirewallConfig *self, gboolean shared)
 static NMFirewallBackend
 _firewall_backend_detect(void)
 {
-    if (g_file_test(NFT_PATH, G_FILE_TEST_IS_EXECUTABLE))
-        return NM_FIREWALL_BACKEND_NFTABLES;
-    if (g_file_test(IPTABLES_PATH, G_FILE_TEST_IS_EXECUTABLE))
-        return NM_FIREWALL_BACKEND_IPTABLES;
-
-    return NM_FIREWALL_BACKEND_NFTABLES;
+    /* For the moment, we still default to iptables. This should
+     * change once nftables is proven to work well. */
+    return NM_FIREWALL_BACKEND_IPTABLES;
 }
 
 NMFirewallBackend