From: Born Without <blackhole@airpost.net>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: Victor Julien <lists@inliniac.net>,
Jan Engelhardt <jengelh@inai.de>,
Nick Edwards <nick.z.edwards@gmail.com>,
netfilter@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: Re: state match is obsolete 1.4.17
Date: Tue, 15 Jan 2013 13:06:58 +0100 [thread overview]
Message-ID: <50F54662.1030405@airpost.net> (raw)
In-Reply-To: <alpine.DEB.2.00.1301151102490.11129@blackhole.kfki.hu>
On 15.01.2013 11:06, Jozsef Kadlecsik wrote:
> On Tue, 15 Jan 2013, Victor Julien wrote:
>
>> On 01/15/2013 10:11 AM, Jan Engelhardt wrote:
>>>
>>> On Tuesday 2013-01-15 06:09, Nick Edwards wrote:
>>>
>>>> WARNING: The state match is obsolete. Use conntrack instead.
>>>>
>>>> Getting these errors since upgrading to 1.4.17
>>>
>>> It is a warning, not an error. (An error would not let use you
>>> the command at all.)
>>>
>>>> Am I right in assuming that :
>>>> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>>> must now become :
>>>> iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
>>>> or does that not do the same thing?
>>>
>>> state is a redundant subset of conntrack (the latter was introduced around
>>> Linux 2.5.32) and shall go away.
>>
>> I think removing it is a bad idea. For years and years all docs, books,
>> tutorials and frontends (like my own) have worked with "state". The
>> change seems so trivial "s/-m state --state/-m conntrack --ctstate/g"
>> that it would appear keeping "state" around as an alias or compatibility
>> layer would require minimal effort. Why not keep it around?
>
> Actually, I have to agree. Why don't we keep "state" as an alias and
> accept the old syntax in "conntrack"?
>
> What's the compelling reason to break countless scripts?
>
Yes please, bump +1
I never understood why 'state' wasn't simply extended.
Not doing a smooth transition, is just very unfriendly to users, for
actually no good reason.
next prev parent reply other threads:[~2013-01-15 12:06 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-15 5:09 state match is obsolete 1.4.17 Nick Edwards
2013-01-15 9:11 ` Jan Engelhardt
2013-01-15 9:54 ` Victor Julien
2013-01-15 10:06 ` Jozsef Kadlecsik
2013-01-15 12:06 ` Born Without [this message]
2013-01-15 12:49 ` Jan Engelhardt
2013-01-15 13:22 ` Jozsef Kadlecsik
2013-01-15 13:53 ` Jan Engelhardt
2013-01-15 14:49 ` Jozsef Kadlecsik
2013-01-15 17:28 ` [PATCH]: Keep the "state" match as alias [Re: state match is obsolete 1.4.17] Jozsef Kadlecsik
2013-01-18 0:28 ` Pablo Neira Ayuso
2013-01-22 21:47 ` Jozsef Kadlecsik
2013-01-22 21:58 ` Jan Engelhardt
2013-01-23 9:06 ` Jozsef Kadlecsik
2013-01-23 3:03 ` Pablo Neira Ayuso
2013-01-23 9:00 ` Jozsef Kadlecsik
2013-01-23 10:08 ` Pablo Neira Ayuso
2013-01-15 23:27 ` state match is obsolete 1.4.17 Nick Edwards
2013-01-16 0:11 ` Jan Engelhardt
2013-01-17 4:38 ` Nick Edwards
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50F54662.1030405@airpost.net \
--to=blackhole@airpost.net \
--cc=jengelh@inai.de \
--cc=kadlec@blackhole.kfki.hu \
--cc=lists@inliniac.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=netfilter@vger.kernel.org \
--cc=nick.z.edwards@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox