Jan Engelhardt wrote:
On Thursday 2008-11-27 22:52, Pablo Neira Ayuso wrote:
I wonder a bit. iptables is fine with loading ipt_%s (mapped to xt_%s),
but conntrack requires an nfct-help-%s namespace and cannot use
nf_conntrack_%s?
Of course it makes sense to use a separate namespace - especially
in light of the nf_conntrack_ prefix used by both helpers and
protos, but I'm still asking.
It is not the same point. The xt_* aliases in iptables were introduced
to keep backward compatibility for iptables (old versions try to load
ipt_* or ip6t_* modules, as they don't know anything about xt_*. Of
course, this is no longer true for current iptables versions).
Sadly enough, iptables still loads ipt_%s instead of xt_%s.
Maybe it's time for a patch..
It's needed to select the proper module, f.i. in case of REJECT.