We have a couple of compatibility hacks to cope with changes in iptables userspace and kernel. These were very long ago so not relevant to our current build platforms. Removing them makes the code clearer. The tests have churn because we were never properly testing this aspect in the past Daniel P. Berrangé (2): nwfilter: drop support for legacy iptables match syntax nwfilter: drop support for legacy iptables conntrack direction src/nwfilter/nwfilter_ebiptables_driver.c | 128 +- .../ah-ipv6-linux.args | 54 +- tests/nwfilterxml2firewalldata/ah-linux.args | 54 +- .../all-ipv6-linux.args | 54 +- tests/nwfilterxml2firewalldata/all-linux.args | 54 +- .../comment-linux.args | 90 +- .../conntrack-linux.args | 18 +- .../esp-ipv6-linux.args | 54 +- tests/nwfilterxml2firewalldata/esp-linux.args | 54 +- .../example-1-linux.args | 54 +- .../example-2-linux.args | 28 +- .../hex-data-linux.args | 36 +- .../icmp-direction-linux.args | 12 +- .../icmp-direction2-linux.args | 12 +- .../icmp-direction3-linux.args | 18 +- .../nwfilterxml2firewalldata/icmp-linux.args | 12 +- .../icmpv6-linux.args | 16 +- .../nwfilterxml2firewalldata/igmp-linux.args | 54 +- .../nwfilterxml2firewalldata/ipset-linux.args | 72 +- .../nwfilterxml2firewalldata/iter1-linux.args | 54 +- .../nwfilterxml2firewalldata/iter2-linux.args | 1026 +++++++++++------ .../nwfilterxml2firewalldata/iter3-linux.args | 90 +- .../sctp-ipv6-linux.args | 54 +- .../nwfilterxml2firewalldata/sctp-linux.args | 54 +- .../target-linux.args | 36 +- .../target2-linux.args | 18 +- .../tcp-ipv6-linux.args | 54 +- tests/nwfilterxml2firewalldata/tcp-linux.args | 18 +- .../udp-ipv6-linux.args | 54 +- tests/nwfilterxml2firewalldata/udp-linux.args | 54 +- .../udplite-ipv6-linux.args | 54 +- .../udplite-linux.args | 54 +- 32 files changed, 1570 insertions(+), 924 deletions(-) -- 2.35.1