From: Patrick McHardy <kaber@trash.net>
To: netfilter@vger.kernel.org
Subject: Re: intrapositioned and extrapositioned negation
Date: Fri, 30 Oct 2009 10:56:52 +0100 [thread overview]
Message-ID: <4AEAB864.4030205@trash.net> (raw)
In-Reply-To: <4AE95AA2.4000601@chello.at>
Mart Frauenlob wrote:
> Mart Frauenlob wrote:
>> Hello,
>>
>> today I installed iptables 1.4.5 and discovered my ruleset produces
>> those warnings about intrapositioned negation:
>> Using intrapositioned negation (`--option ! this`) is deprecated in
>> favor of extrapositioned (`! --option this`).
>>
>> I haven't completely looked up the changelogs, but from what I've
>> found on the internet, this was introduced with 1.4.3.1, right?
>>
>> However, my ruleset is automatically generated by a self written shell
>> script, which I now need to change.
>> It needs to work with any 2.6 kernel and with 2.4 kernels supporting
>> iptables.
>> As my testing options (hardware, time) are limited, I'm asking if
>> someone knows:
>>
>> Will 2.4 kernels and older iptables versions accept the
>> extrapositioned (`! --option this`) notation?
>> If so, I can rewrite my script to always use extrapositioned syntax.
>> Lot's of work, but ok...
>>
>> If not, what kernel / iptables versions do only understand the old
>> deprecated way?
>> So I can query for them and take the appropriate steps.
>>
>> Thanks a lot!
>
>
> Nobody knows?
> Well, I've found some old virtual machines, tested it with debian woody
> and sarge, using kernel 2.4.18.bf2-4 and 2.6.18 and extrapositioned
> negation does not seem to cause problems.
> Am I right to assume, that all 2.4 kernels with iptables support - DON'T
> have troubles using extrapositioned negation???
The kernel doesn't care about how you specify negation, its purely
a userspace thing. So yes, it should work properly on any kernel
version.
next prev parent reply other threads:[~2009-10-30 9:56 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-10-20 10:59 intrapositioned and extrapositioned negation Mart Frauenlob
2009-10-29 9:04 ` Mart Frauenlob
2009-10-30 9:56 ` Patrick McHardy [this message]
-- strict thread matches above, loose matches on Subject: below --
2009-10-30 14:48 Mart Frauenlob
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4AEAB864.4030205@trash.net \
--to=kaber@trash.net \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).