Jozsef Kadlecsik wrote: > On Mon, 2 Nov 2009, Patrick McHardy wrote: > >> Jan Engelhardt wrote: >>> In going to fix NF bug #611, "argv" would be needed in >>> xtables_check_inverse to set "optarg" to the right spot in case of an >>> intrapositional negation. Adding argv to the parameter list would >>> cause an API change, which I would like to avoid because it is >>> planned to be thrown out anyway. >>> >>> So deactive intrapositional support now already, but leave the error >>> message (which has already been there for two releases). Slightly >>> adjust it, because some users have been wondering whether iptables >>> or they are at "fault". >> I'm worried that this is too early, two releases is not particulary >> long and I'd expect a lot of people haven't noticed the warning yet, >> especially on headless systems. Looking at bug #611, we've never >> claimed "-ptcp" would be supported, so this hardly justifies the >> risk IMO. > > I agree with Patrick - it's no good to break unknown number of firewall > setups out there. We did support intrapositional negation and a lot of > scripts may use that syntax. It's a too high price for "fixing" what's > actually a feature request. OK, lets leave the warning in for now and reconsider this in a year or something like that. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
