On Mon, 2 Nov 2009, Patrick McHardy wrote: > Jan Engelhardt wrote: > > In going to fix NF bug #611, "argv" would be needed in > > xtables_check_inverse to set "optarg" to the right spot in case of an > > intrapositional negation. Adding argv to the parameter list would > > cause an API change, which I would like to avoid because it is > > planned to be thrown out anyway. > > > > So deactive intrapositional support now already, but leave the error > > message (which has already been there for two releases). Slightly > > adjust it, because some users have been wondering whether iptables > > or they are at "fault". > > I'm worried that this is too early, two releases is not particulary > long and I'd expect a lot of people haven't noticed the warning yet, > especially on headless systems. Looking at bug #611, we've never > claimed "-ptcp" would be supported, so this hardly justifies the > risk IMO. I agree with Patrick - it's no good to break unknown number of firewall setups out there. We did support intrapositional negation and a lot of scripts may use that syntax. It's a too high price for "fixing" what's actually a feature request. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
