[iptables PATCH] etc: Drop xtables.conf

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [iptables PATCH] etc: Drop xtables.conf
@ 2023-01-17 15:52 Phil Sutter
  2023-01-18 14:01 ` Phil Sutter
  0 siblings, 1 reply; 2+ messages in thread
From: Phil Sutter @ 2023-01-17 15:52 UTC (permalink / raw)
  To: netfilter-devel; +Cc: Pablo Neira Ayuso, Jan Engelhardt

The file is not used since the commit this one fixes. Also it wasn't
installed until recently, when commit 3822a992bc277 ("Makefile: Fix for
'make distcheck'") added it in the wrong spot in an attempt to reduce
differences between tarballs generated by 'make tarball' and 'make
dist'.

While being at it, drop stale xtables_config_main() prototype from
xtables-multi.h.

Fixes: 06fd5e46d46f7 ("xtables: Drop support for /etc/xtables.conf")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 Makefile.am              |  2 +-
 etc/xtables.conf         | 74 ----------------------------------------
 iptables/xtables-multi.h |  1 -
 3 files changed, 1 insertion(+), 76 deletions(-)
 delete mode 100644 etc/xtables.conf

diff --git a/Makefile.am b/Makefile.am
index 451c3cb2d5887..299ab46d7b8e2 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -20,7 +20,7 @@ EXTRA_DIST	= autogen.sh iptables-test.py xlate-test.py
 
 if ENABLE_NFTABLES
 confdir		= $(sysconfdir)
-dist_conf_DATA	= etc/ethertypes etc/xtables.conf
+dist_conf_DATA	= etc/ethertypes
 endif
 
 .PHONY: tarball
diff --git a/etc/xtables.conf b/etc/xtables.conf
deleted file mode 100644
index 3c54ced043d82..0000000000000
--- a/etc/xtables.conf
+++ /dev/null
@@ -1,74 +0,0 @@
-family ipv4 {
-	table raw {
-		chain PREROUTING hook NF_INET_PRE_ROUTING prio -300
-		chain OUTPUT hook NF_INET_LOCAL_OUT prio -300
-	}
-
-	table mangle {
-		chain PREROUTING hook NF_INET_PRE_ROUTING prio -150
-		chain INPUT hook NF_INET_LOCAL_IN prio -150
-		chain FORWARD hook NF_INET_FORWARD prio -150
-		chain OUTPUT hook NF_INET_LOCAL_OUT prio -150
-		chain POSTROUTING hook NF_INET_POST_ROUTING prio -150
-	}
-
-	table filter {
-		chain INPUT hook NF_INET_LOCAL_IN prio 0
-		chain FORWARD hook NF_INET_FORWARD prio 0
-		chain OUTPUT hook NF_INET_LOCAL_OUT prio 0
-	}
-
-	table nat {
-		chain PREROUTING hook NF_INET_PRE_ROUTING prio -100
-		chain INPUT hook NF_INET_LOCAL_IN prio 100
-		chain OUTPUT hook NF_INET_LOCAL_OUT prio -100
-		chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
-	}
-
-	table security {
-		chain INPUT hook NF_INET_LOCAL_IN prio 50
-		chain FORWARD hook NF_INET_FORWARD prio 50
-		chain OUTPUT hook NF_INET_LOCAL_OUT prio 50
-	}
-}
-
-family ipv6 {
-	table raw {
-		chain PREROUTING hook NF_INET_PRE_ROUTING prio -300
-		chain OUTPUT hook NF_INET_LOCAL_OUT prio -300
-	}
-
-	table mangle {
-		chain PREROUTING hook NF_INET_PRE_ROUTING prio -150
-		chain INPUT hook NF_INET_LOCAL_IN prio -150
-		chain FORWARD hook NF_INET_FORWARD prio -150
-		chain OUTPUT hook NF_INET_LOCAL_OUT prio -150
-		chain POSTROUTING hook NF_INET_POST_ROUTING prio -150
-	}
-
-	table filter {
-		chain INPUT hook NF_INET_LOCAL_IN prio 0
-		chain FORWARD hook NF_INET_FORWARD prio 0
-		chain OUTPUT hook NF_INET_LOCAL_OUT prio 0
-	}
-
-	table nat {
-		chain PREROUTING hook NF_INET_PRE_ROUTING prio -100
-		chain INPUT hook NF_INET_LOCAL_IN prio 100
-		chain OUTPUT hook NF_INET_LOCAL_OUT prio -100
-		chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
-	}
-
-	table security {
-		chain INPUT hook NF_INET_LOCAL_IN prio 50
-		chain FORWARD hook NF_INET_FORWARD prio 50
-		chain OUTPUT hook NF_INET_LOCAL_OUT prio 50
-	}
-}
-
-family arp {
-	table filter {
-		chain INPUT hook NF_ARP_IN prio 0
-		chain OUTPUT hook NF_ARP_OUT prio 0
-	}
-}
diff --git a/iptables/xtables-multi.h b/iptables/xtables-multi.h
index 94c24d5a22c7e..833c11a2ac914 100644
--- a/iptables/xtables-multi.h
+++ b/iptables/xtables-multi.h
@@ -20,7 +20,6 @@ extern int xtables_arp_save_main(int, char **);
 extern int xtables_eb_main(int, char **);
 extern int xtables_eb_restore_main(int, char **);
 extern int xtables_eb_save_main(int, char **);
-extern int xtables_config_main(int, char **);
 extern int xtables_monitor_main(int, char **);
 
 extern struct xtables_globals arptables_globals;
-- 
2.38.0


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [iptables PATCH] etc: Drop xtables.conf
  2023-01-17 15:52 [iptables PATCH] etc: Drop xtables.conf Phil Sutter
@ 2023-01-18 14:01 ` Phil Sutter
  0 siblings, 0 replies; 2+ messages in thread
From: Phil Sutter @ 2023-01-18 14:01 UTC (permalink / raw)
  To: netfilter-devel; +Cc: Pablo Neira Ayuso, Jan Engelhardt

On Tue, Jan 17, 2023 at 04:52:33PM +0100, Phil Sutter wrote:
> The file is not used since the commit this one fixes. Also it wasn't
> installed until recently, when commit 3822a992bc277 ("Makefile: Fix for
> 'make distcheck'") added it in the wrong spot in an attempt to reduce
> differences between tarballs generated by 'make tarball' and 'make
> dist'.
> 
> While being at it, drop stale xtables_config_main() prototype from
> xtables-multi.h.
> 
> Fixes: 06fd5e46d46f7 ("xtables: Drop support for /etc/xtables.conf")
> Signed-off-by: Phil Sutter <phil@nwl.cc>

Patch applied.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2023-01-18 14:20 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-01-17 15:52 [iptables PATCH] etc: Drop xtables.conf Phil Sutter
2023-01-18 14:01 ` Phil Sutter

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).