[PATCH] NEWS: document nftables support in network driver

Laine Stump posted 1 patch 6 months ago
git fetch https://github.com/patchew-project/libvirt tags/patchew/20240524025742.299208-1-laine@redhat.com
NEWS.rst | 10 ++++++++++
1 file changed, 10 insertions(+)
[PATCH] NEWS: document nftables support in network driver
Posted by Laine Stump 6 months ago
Signed-off-by: Laine Stump <laine@redhat.com>
---
 NEWS.rst | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/NEWS.rst b/NEWS.rst
index 42b0f88128..14505116b1 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -33,6 +33,16 @@ v10.4.0 (unreleased)
     ``<sound model='virtio'/>``. This model is available from QEMU 8.2.0
     onwards.
 
+  * network: use nftables to setup virtual network firewall rules
+
+    The network driver can now use nftables rules for the virtual
+    network firewalls, rather than iptables. With the standard build
+    options, nftables is preferred over iptables (with fallback to
+    iptables if nftables isn't installed), but this can be modified at
+    build time, or at runtime via the firewall_backend setting in
+    network.conf. (NB: the nwfilter driver still uses
+    ebtables/iptables).
+
 * **Improvements**
 
 * **Bug fixes**
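Review bot: The last sentence of the new entry names the firewall_backend setting and network.conf as plain text, while the context line just above the hunk marks literals with double backticks (``<sound model='virtio'/>``); writing them as ``firewall_backend`` and ``network.conf`` would keep the rendered NEWS consistent. In the entry title, "setup" is used as a verb and should read "set up". Since the entry announces a change of the default backend, it would also help to state which values firewall_backend accepts, so that a reader who wants to stay on iptables can do so from the NEWS text alone.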
-- 
2.45.0
Re: [PATCH] NEWS: document nftables support in network driver
Posted by Jiri Denemark 5 months, 4 weeks ago
On Thu, May 23, 2024 at 22:57:21 -0400, Laine Stump wrote:
> Signed-off-by: Laine Stump <laine@redhat.com>
> ---
>  NEWS.rst | 10 ++++++++++
>  1 file changed, 10 insertions(+)
> 
> diff --git a/NEWS.rst b/NEWS.rst
> index 42b0f88128..14505116b1 100644
> --- a/NEWS.rst
> +++ b/NEWS.rst
> @@ -33,6 +33,16 @@ v10.4.0 (unreleased)
>      ``<sound model='virtio'/>``. This model is available from QEMU 8.2.0
>      onwards.
>  
> +  * network: use nftables to setup virtual network firewall rules
> +
> +    The network driver can now use nftables rules for the virtual
> +    network firewalls, rather than iptables. With the standard build
> +    options, nftables is preferred over iptables (with fallback to
> +    iptables if nftables isn't installed), but this can be modified at
> +    build time, or at runtime via the firewall_backend setting in
> +    network.conf. (NB: the nwfilter driver still uses
> +    ebtables/iptables).
> +
>  * **Improvements**
>  
>  * **Bug fixes**

Reviewed-by: Jiri Denemark <jdenemar@redhat.com>