[OE-core][PATCH] iptables: use nft backend with libnftnl PACKAGECONFIG

[OE-core][PATCH] iptables: use nft backend with libnftnl PACKAGECONFIG

[tgamblin]

Currently, when the libnftnl (part of meta-networking) PACKAGECONFIG is
enabled for iptables, both legacy and nft-based binaries are built and
installed in the image. However, the "iptables" symlink in this case
still points to xtables-legacy-multi, rather than xtables-nft-multi.
This patch adds a conditional check to replace the symlink to point to
the latter if iptables is built with libnftnl support, which is
consistent with other major distros (e.g. Fedora). The "iptables-legacy"
symlink remains present and unmodified.

Signed-off-by: tgamblin <trevor.gamblin@windriver.com>
---
 meta/recipes-extended/iptables/iptables_1.8.7.bb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/meta/recipes-extended/iptables/iptables_1.8.7.bb b/meta/recipes-extended/iptables/iptables_1.8.7.bb
index 839733aaa8..3b41882841 100644
--- a/meta/recipes-extended/iptables/iptables_1.8.7.bb
+++ b/meta/recipes-extended/iptables/iptables_1.8.7.bb
@@ -66,6 +66,11 @@ do_install:append() {
             -e 's,@RULESDIR@,${IPTABLES_RULES_DIR},g' \
             ${D}${systemd_system_unitdir}/ip6tables.service
     fi
+
+    # if libnftnl is included, make the iptables symlink point to the nft-based binary by default
+    if ${@bb.utils.contains('PACKAGECONFIG', 'libnftnl', 'true', 'false', d)} ; then
+        ln -sf ${sbindir}/xtables-nft-multi ${D}${sbindir}/iptables 
+    fi
 }
 
 PACKAGES =+ "${PN}-modules ${PN}-apply"
-- 
2.35.1