Changes in iptables-legacy

Changes in iptables-legacy

[Alessandro Vesely]

Hi,

I'm still using iptables; my scripts work well... call me lazy.  I didn't 
expect behavior changes.  Instead, when I upgraded to the last Devuan release, 
equivalent to Debian Trixie, I got iptables v1.8.11 (legacy).

One of the scripts had a daily call like so:

     iptables -L -Z -vnx

The new version resulted in an error:

     iptables v1.8.11 (legacy): Illegal option `--numeric' with this command
     Try `iptables -h' or 'iptables --help' for more information.

Is this a Debian quirk or is it found in the official source?

By simply removing -Z, the above command works and its output is properly 
digested by my legacy Perl code.  However, I'd be curious to know why this 
change was made.  I hope it's not a subtle way to push people to migrate...


Best
Ale
-- 

Re: Changes in iptables-legacy

[Jeremy Sowden]

[-- Attachment #1: Type: text/plain, Size: 945 bytes --]

On 2025-11-18, at 12:31:15 +0100, Alessandro Vesely wrote:
> I'm still using iptables; my scripts work well... call me lazy.  I 
> didn't expect behavior changes.  Instead, when I upgraded to the last 
> Devuan release, equivalent to Debian Trixie, I got iptables v1.8.11 
> (legacy).
> 
> One of the scripts had a daily call like so:
> 
>     iptables -L -Z -vnx
> 
> The new version resulted in an error:
> 
>     iptables v1.8.11 (legacy): Illegal option `--numeric' with this command
>     Try `iptables -h' or 'iptables --help' for more information.
> 
> Is this a Debian quirk or is it found in the official source?
> 
> By simply removing -Z, the above command works and its output is
> properly digested by my legacy Perl code.  However, I'd be curious to
> know why this change was made.  I hope it's not a subtle way to push
> people to migrate...

It's a bug in 1.8.11.  The Netfilter team have fixed it.

J.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 931 bytes --]