Setting alternatives
Due to an ongoing issue in how alternatives configurations are stored on the system, Fedora CoreOS systems can not use the usual alternatives
commands to configure them.
Instead, until this issue is resolved, you can set the symlinks directly in /etc/alternatives
. For example, to use the legacy-based variants of the iptables
commands:
variant: fcos
version: 1.5.0
storage:
links:
- path: /etc/alternatives/iptables
target: /usr/sbin/iptables-legacy
overwrite: true
hard: false
- path: /etc/alternatives/iptables-restore
target: /usr/sbin/iptables-legacy-restore
overwrite: true
hard: false
- path: /etc/alternatives/iptables-save
target: /usr/sbin/iptables-legacy-save
overwrite: true
hard: false
- path: /etc/alternatives/ip6tables
target: /usr/sbin/ip6tables-legacy
overwrite: true
hard: false
- path: /etc/alternatives/ip6tables-restore
target: /usr/sbin/ip6tables-legacy-restore
overwrite: true
hard: false
- path: /etc/alternatives/ip6tables-save
target: /usr/sbin/ip6tables-legacy-save
overwrite: true
hard: false
Using alternatives commands
Starting with Fedora CoreOS based on Fedora 41, you can use alternatives
commands to configure the default command.
Example Butane config using a systemd unit to configure the default iptables backend
variant: fcos
version: 1.5.0
systemd:
units:
- name: custom-iptables-default.service
enabled: true
contents: |
[Unit]
Description=Set the default backend for iptables
[Service]
ExecStart=/usr/sbin/alternatives --set iptables /usr/sbin/iptables-legacy
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
We don’t recommend configuring the default iptables backend to iptables-legacy . This is just an example.
|
You can also manually run the alternatives
commands to configure the default command runtime.
Example to manually configure the default iptables backend
# Check the link info
alternatives --display iptables
iptables --version
# Configure iptables to point to iptables-nft
sudo alternatives --set iptables /usr/sbin/iptables-nft
# Verify iptables version is iptables-nft
alternatives --display iptables
iptables --version
Want to help? Learn how to contribute to Fedora Docs ›