FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux Development

 
 
LinkBack Thread Tools
 
Old 07-23-2011, 07:46 PM
Ronald van Haren
 
Default iptables 1.4.12-1

Op 23 jul. 2011 20:07 schreef "Dan McGee" <dpmcgee@gmail.com> het volgende:
>
> Upstream version bump, but much more worthy of testing due to the
> initscripts getting an overhaul.
>
> * No longer do we do manual clearing of rules, instead, empty state
> files for each table are used by iptables-restore now to clear out the
> tables. Please test stop/start/restarting of both iptables and
> ip6tables to make sure it works as appropriate.
> * Fix https://bugs.archlinux.org/task/24466 and resetting of
> ip_forward variable; this is now a deprecated feature in this package
> and we will never touch this value when stopping iptables.
>
> -Dan

You should have enabled static libs, there is a bug report for this. I'll
upload a new version when I'm at home.

Ronald
 
Old 07-24-2011, 10:55 AM
Ronald van Haren
 
Default iptables 1.4.12-1

On Sat, Jul 23, 2011 at 9:46 PM, Ronald van Haren <pressh@gmail.com> wrote:
>
> Op 23 jul. 2011 20:07 schreef "Dan McGee" <dpmcgee@gmail.com> het volgende:
>
>>
>> Upstream version bump, but much more worthy of testing due to the
>> initscripts getting an overhaul.
>>
>> * No longer do we do manual clearing of rules, instead, empty state
>> files for each table are used by iptables-restore now to clear out the
>> tables. Please test stop/start/restarting of both iptables and
>> ip6tables to make sure it works as appropriate.
>> * Fix https://bugs.archlinux.org/task/24466 and resetting of
>> ip_forward variable; this is now a deprecated feature in this package
>> and we will never touch this value when stopping iptables.
>>
>> -Dan
>
> You should have enabled static libs, there is a bug report for this. I'll
> upload a new version when I'm at home.
>
> Ronald

Never mind, it is not needed. Seems to be some upstream bug in the
previous version which didn't show up when you enabled static libs.
1.4.12 is fine so it seems.

Should we add a default value for ipv6 packet forwarding to sysctl.conf?

Ronald
 
Old 07-25-2011, 01:28 PM
Dan McGee
 
Default iptables 1.4.12-1

On Sun, Jul 24, 2011 at 5:55 AM, Ronald van Haren <pressh@gmail.com> wrote:
> On Sat, Jul 23, 2011 at 9:46 PM, Ronald van Haren <pressh@gmail.com> wrote:
>>
>> Op 23 jul. 2011 20:07 schreef "Dan McGee" <dpmcgee@gmail.com> het volgende:
>>
>>>
>>> Upstream version bump, but much more worthy of testing due to the
>>> initscripts getting an overhaul.
>>>
>>> * No longer do we do manual clearing of rules, instead, empty state
>>> files for each table are used by iptables-restore now to clear out the
>>> tables. Please test stop/start/restarting of both iptables and
>>> ip6tables to make sure it works as appropriate.
>>> * Fix https://bugs.archlinux.org/task/24466 and resetting of
>>> ip_forward variable; this is now a deprecated feature in this package
>>> and we will never touch this value when stopping iptables.
>>>
>>> -Dan
>>
>> You should have enabled static libs, there is a bug report for this. I'll
>> upload a new version when I'm at home.
>>
>> Ronald
>
> Never mind, it is not needed. Seems to be some upstream bug in the
> previous version which didn't show up when you enabled static libs.
> 1.4.12 is fine so it seems.
>
> Should we add a default value for ipv6 packet forwarding to sysctl.conf?
Not sure if you mean "added but commented out", or "enabled by
default". -1 to both from me- we definitely don't want to enable it by
default, but I don't see how this sysctl knob should get any more
special treatment than the other 300 ones. People will need to read up
on things to get it working, and the key names are mentioned in the
iptables conf.d file right now anyway.

-Dan
 
Old 07-25-2011, 01:30 PM
Evangelos Foutras
 
Default iptables 1.4.12-1

On 23 July 2011 21:07, Dan McGee <dpmcgee@gmail.com> wrote:
> Upstream version bump, but much more worthy of testing due to the
> initscripts getting an overhaul.

Signoff i686.
 
Old 07-25-2011, 01:45 PM
Ronald van Haren
 
Default iptables 1.4.12-1

On Mon, Jul 25, 2011 at 1:28 PM, Dan McGee <dpmcgee@gmail.com> wrote:
> On Sun, Jul 24, 2011 at 5:55 AM, Ronald van Haren <pressh@gmail.com> wrote:
>> On Sat, Jul 23, 2011 at 9:46 PM, Ronald van Haren <pressh@gmail.com> wrote:
>>>
>>> Op 23 jul. 2011 20:07 schreef "Dan McGee" <dpmcgee@gmail.com> het volgende:
>>>
>>>>
>>>> Upstream version bump, but much more worthy of testing due to the
>>>> initscripts getting an overhaul.
>>>>
>>>> * No longer do we do manual clearing of rules, instead, empty state
>>>> files for each table are used by iptables-restore now to clear out the
>>>> tables. Please test stop/start/restarting of both iptables and
>>>> ip6tables to make sure it works as appropriate.
>>>> * Fix https://bugs.archlinux.org/task/24466 and resetting of
>>>> ip_forward variable; this is now a deprecated feature in this package
>>>> and we will never touch this value when stopping iptables.
>>>>
>>>> -Dan
>>>
>>> You should have enabled static libs, there is a bug report for this. I'll
>>> upload a new version when I'm at home.
>>>
>>> Ronald
>>
>> Never mind, it is not needed. Seems to be some upstream bug in the
>> previous version which didn't show up when you enabled static libs.
>> 1.4.12 is fine so it seems.
>>
>> Should we add a default value for ipv6 packet forwarding to sysctl.conf?
> Not sure if you mean "added but commented out", or "enabled by
> default". -1 to both from me- we definitely don't want to enable it by
> default, but I don't see how this sysctl knob should get any more
> special treatment than the other 300 ones. People will need to read up
> on things to get it working, and the key names are mentioned in the
> iptables conf.d file right now anyway.
>
> -Dan
>

I actually meant disabled by default as that was what iptables was
setting if I'm not mistaken. Anyway, instructions are in the new
iptables config script so people should know about it when they
upgrade (it may also just be the default when nothing is specified,
didn't check for that).

Also, signoff x86_64.

Ronald
 
Old 07-25-2011, 03:26 PM
Gaetan Bisson
 
Default iptables 1.4.12-1

[2011-07-23 13:07:19 -0500] Dan McGee:
> Upstream version bump, but much more worthy of testing due to the
> initscripts getting an overhaul.
>
> * No longer do we do manual clearing of rules, instead, empty state
> files for each table are used by iptables-restore now to clear out the
> tables. Please test stop/start/restarting of both iptables and
> ip6tables to make sure it works as appropriate.
> * Fix https://bugs.archlinux.org/task/24466 and resetting of
> ip_forward variable; this is now a deprecated feature in this package
> and we will never touch this value when stopping iptables.

Signoff x86_64.

--
Gaetan
 

Thread Tools




All times are GMT. The time now is 06:49 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org