netdev.vger.kernel.org archive mirror
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Breno Leitao <leitao@debian.org>
Cc: fw@strlen.de, davem@davemloft.net, edumazet@google.com,
	kuba@kernel.org, pabeni@redhat.com,
	Jozsef Kadlecsik <kadlec@netfilter.org>,
	David Ahern <dsahern@kernel.org>,
	rbc@meta.com, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org,
	"open list:NETFILTER" <coreteam@netfilter.org>
Subject: Re: [PATCH nf-next v4 1/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable
Date: Fri, 6 Sep 2024 01:01:46 +0200
Message-ID: <Zto4WmXldf6KzeQO@calendula>
In-Reply-To: <20240829161656.832208-2-leitao@debian.org>

Hi,

On Thu, Aug 29, 2024 at 09:16:54AM -0700, Breno Leitao wrote:
> This option makes IP6_NF_IPTABLES_LEGACY user selectable, giving
> users the option to configure iptables without enabling any other
> config.

IIUC this is to allow compiling the iptables core built-in while allowing
extensions to be compiled as modules? What exactly is the combination
you are trying to achieve which is not possible with the current
toggle?

Florian's motivation to add this knob is to allow compiling kernels
without iptables-legacy support.

One more comment below.

> Signed-off-by: Breno Leitao <leitao@debian.org>
> ---
>  net/ipv6/netfilter/Kconfig | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig
> index f3c8e2d918e1..cbe88cc5b897 100644
> --- a/net/ipv6/netfilter/Kconfig
> +++ b/net/ipv6/netfilter/Kconfig
> @@ -8,7 +8,13 @@ menu "IPv6: Netfilter Configuration"
>  
>  # old sockopt interface and eval loop
>  config IP6_NF_IPTABLES_LEGACY
> -	tristate
> +	tristate "Legacy IP6 tables support"
> +	depends on INET && IPV6
> +	select NETFILTER_XTABLES
> +	default n
> +	help
> +	  ip6tables is a general, extensible packet identification legacy framework.

"packet classification" is generally the more appropriate and widely
used term for firewalls.

Maybe simply reword this description to ...

	  ip6tables is a legacy packet classification.

> +	  This is not needed if you are using iptables over nftables (iptables-nft).
>  
>  config NF_SOCKET_IPV6
>  	tristate "IPv6 socket lookup support"
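
Review bot: "default n" in the new IP6_NF_IPTABLES_LEGACY entry is redundant, because a Kconfig symbol with no default line already defaults to n; the line can be dropped. The help text could also state what the option provides, as the comment above the entry does ("old sockopt interface and eval loop"), so that a user can tell whether their ip6tables binary needs it or whether iptables-nft already covers them.
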
> -- 
> 2.43.5
> 
