From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mart Frauenlob Subject: Re: intrapositioned and extrapositioned negation Date: Thu, 29 Oct 2009 10:04:34 +0100 Message-ID: <4AE95AA2.4000601@chello.at> References: <4ADD982F.209@chello.at> Reply-To: netfilter@vger.kernel.org Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <4ADD982F.209@chello.at> Sender: netfilter-owner@vger.kernel.org List-ID: Content-Type: text/plain; charset="us-ascii"; format="flowed" To: netfilter@vger.kernel.org Mart Frauenlob wrote: > Hello, > > today I installed iptables 1.4.5 and discovered my ruleset produces > those warnings about intrapositioned negation: > Using intrapositioned negation (`--option ! this`) is deprecated in > favor of extrapositioned (`! --option this`). > > I haven't completely looked up the changelogs, but from what I've > found on the internet, this was introduced with 1.4.3.1, right? > > However, my ruleset is automatically generated by a self written shell > script, which I now need to change. > It needs to work with any 2.6 kernel and with 2.4 kernels supporting > iptables. > As my testing options (hardware, time) are limited, I'm asking if > someone knows: > > Will 2.4 kernels and older iptables versions accept the > extrapositioned (`! --option this`) notation? > If so, I can rewrite my script to always use extrapositioned syntax. > Lot's of work, but ok... > > If not, what kernel / iptables versions do only understand the old > deprecated way? > So I can query for them and take the appropriate steps. > > Thanks a lot! Nobody knows? Well, I've found some old virtual machines, tested it with debian woody and sarge, using kernel 2.4.18.bf2-4 and 2.6.18 and extrapositioned negation does not seem to cause problems. Am I right to assume, that all 2.4 kernels with iptables support - DON'T have troubles using extrapositioned negation??? Regards Mart