Breno Leitao <leitao@xxxxxxxxxx> wrote:
> This option makes IP6_NF_IPTABLES_LEGACY user selectable, giving
> users the option to configure iptables without enabling any other
> config.
I don't get it.
IP(6)_NF_IPTABLES_LEGACY without iptable_filter, mangle etc.
is useless, rules get attached to basechains that get registered
by the iptable_{mangle,filter,nat,...} modules, i.e. those that
"select IP(6)_NF_IPTABLES_LEGACY".
The old get/setsockopt UAPI is useless without them, iptables -L, -A,
etc. won't work.
What am I missing?
I'm fine with this because this is needed anyway to allow
disabling the get/setsockopt api (needs the 'depends on' changes
though) later, but this change is a mystery to me.
