From mboxrd@z Thu Jan 1 00:00:00 1970 From: Patrick McHardy Subject: Re: intrapositioned and extrapositioned negation Date: Fri, 30 Oct 2009 10:56:52 +0100 Message-ID: <4AEAB864.4030205@trash.net> References: <4ADD982F.209@chello.at> <4AE95AA2.4000601@chello.at> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <4AE95AA2.4000601@chello.at> Sender: netfilter-owner@vger.kernel.org List-ID: Content-Type: text/plain; charset="us-ascii" To: netfilter@vger.kernel.org Mart Frauenlob wrote: > Mart Frauenlob wrote: >> Hello, >> >> today I installed iptables 1.4.5 and discovered my ruleset produces >> those warnings about intrapositioned negation: >> Using intrapositioned negation (`--option ! this`) is deprecated in >> favor of extrapositioned (`! --option this`). >> >> I haven't completely looked up the changelogs, but from what I've >> found on the internet, this was introduced with 1.4.3.1, right? >> >> However, my ruleset is automatically generated by a self written shell >> script, which I now need to change. >> It needs to work with any 2.6 kernel and with 2.4 kernels supporting >> iptables. >> As my testing options (hardware, time) are limited, I'm asking if >> someone knows: >> >> Will 2.4 kernels and older iptables versions accept the >> extrapositioned (`! --option this`) notation? >> If so, I can rewrite my script to always use extrapositioned syntax. >> Lot's of work, but ok... >> >> If not, what kernel / iptables versions do only understand the old >> deprecated way? >> So I can query for them and take the appropriate steps. >> >> Thanks a lot! > > > Nobody knows? > Well, I've found some old virtual machines, tested it with debian woody > and sarge, using kernel 2.4.18.bf2-4 and 2.6.18 and extrapositioned > negation does not seem to cause problems. > Am I right to assume, that all 2.4 kernels with iptables support - DON'T > have troubles using extrapositioned negation??? The kernel doesn't care about how you specify negation, its purely a userspace thing. So yes, it should work properly on any kernel version.