On Tue, 15 Jan 2013, Jan Engelhardt wrote: > On Tuesday 2013-01-15 11:06, Jozsef Kadlecsik wrote: > >> > > >> > state is a redundant subset of conntrack (the latter was introduced around > >> > Linux 2.5.32) and shall go away. > >> > >> I think removing it is a bad idea. For years and years all docs, books, > >> tutorials and frontends (like my own) have worked with "state". The > >> change seems so trivial "s/-m state --state/-m conntrack --ctstate/g" > >> that it would appear keeping "state" around as an alias or compatibility > >> layer would require minimal effort. Why not keep it around? > > > >Actually, I have to agree. Why don't we keep "state" as an alias and > >accept the old syntax in "conntrack"? > > state is currently aliased and translated to conntrack in iptables > if the kernel has it. No scripts are broken. > > If the aliasing is done in userspace, the kernel part can be removed - > someday maybe. The aliasing is already done in userspace. One types in "state" and it's converted into "conntrack" and that is then sent to the kernel. (So as far as I see if the ipt_state, etc module aliases were added to the conntrack module, even the state kernel module could be removed.) However I suggest to delete the obsolete warnings completely from iptables and let these cases silently be handled as aliases. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html