From: Patrick McHardy <kaber@trash.net>
To: Linus Torvalds <torvalds@osdl.org>
Cc: Tomasz Kvarsin <kvarsin@gmail.com>,
"David S. Miller" <davem@davemloft.net>,
bunk@stusta.de,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
netfilter@lists.netfilter.org,
netfilter-devel@lists.netfilter.org
Subject: Re: 2.6.20-rc4: regression: iptables failed to load rules
Date: Wed, 10 Jan 2007 08:56:55 +0100 [thread overview]
Message-ID: <45A49C47.6080407@trash.net> (raw)
In-Reply-To: <Pine.LNX.4.64.0701090929160.3594@woody.osdl.org>
Linus Torvalds wrote:
>
> On Tue, 9 Jan 2007, Tomasz Kvarsin wrote:
>
>>During boot into 2.6.20-rc4 iptables says
>>iptables-restore: line 15 failed.
>>And works fine with my default kernel: 2.6.18.x
>
>
> I bet you enabled the new transport-agnostic netfilter, and didn't enable
> some of the actual rules needed for your iptables setup (they have new
> config names).
>
> I do think that the netfilter team has been very irritating in changing
> the config names, even if it "is logical".
>
> Somebody should stop the madness, and tell people what config options they
> need for a regular iptables setup like this. Rather than say "just compile
> everything". There's about a million different filters, and they all
> depend on one infrastructure or another.
>
> And then the networking people should F*NG STOP that config name changing
> madness! The config names should match the _usage_, not some
> implementation detail. And failing that, leave the config options named
> something illogical, as long as people don't have to change their config
> file all the time and answer millions of questions that they don't care
> about!
In the x_tables case it really caused a lot of unnecessary confusion,
the recent connection tracking changes however needed new config
options since we're keeping the old implementation around for a few more
releases. Unfortunately when switching between the two implementations,
Kconfig deselects all options depending on either one, even though the
dependencies are still fulfilled (f.e. NETFILTER_XT_MATCH_CONNTRACK:
depends on IP_NF_CONNTRACK || NF_CONNTRACK), which means you have
to select all those options again.
It probably won't be necessary anymore to make changes like this in
the future, but in case it is I'll make sure to at least provide
compatibility options for a few releases.
next prev parent reply other threads:[~2007-01-10 7:56 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-01-09 7:29 2.6.20-rc4: regression: iptables failed to load rules Tomasz Kvarsin
2007-01-09 17:33 ` Linus Torvalds
2007-01-10 7:56 ` Patrick McHardy [this message]
2007-01-10 16:15 ` Linus Torvalds
2007-01-10 22:10 ` Bill Davidsen
2007-02-12 20:17 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=45A49C47.6080407@trash.net \
--to=kaber@trash.net \
--cc=bunk@stusta.de \
--cc=davem@davemloft.net \
--cc=kvarsin@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netfilter-devel@lists.netfilter.org \
--cc=netfilter@lists.netfilter.org \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).