Breno Leitao <leitao@xxxxxxxxxx> wrote:
> Hello Florian,
>
> On Thu, Aug 29, 2024 at 06:25:12PM +0200, Florian Westphal wrote:
> > Breno Leitao <leitao@xxxxxxxxxx> wrote:
> > > This option makes IP6_NF_IPTABLES_LEGACY user selectable, giving
> > > users the option to configure iptables without enabling any other
> > > config.
> >
> > I don't get it.
> >
> > IP(6)_NF_IPTABLES_LEGACY without iptable_filter, mangle etc.
> > is useless,
>
> Correct. We need to have iptable_filter, mangle, etc available.
>
> I would like to have ip6_tables as built-in
> (IP(6)_NF_IPTABLES_LEGACY=y), all the other tables built as modules.
>
> So, I am used to a configure similar to the following (before
> a9525c7f6219c ("netfilter: xtables: allow xtables-nft only builds"))
>
> CONFIG_IP6_NF_IPTABLES=y
> CONFIG_IP6_NF_MANGLE=m
> CONFIG_IP6_NF_RAW=m
> ...
>
> After a9525c7f6219c ("netfilter: xtables: allow xtables-nft only
> builds"), the same configuration is not possible anymore, because
> CONFIG_IP6_NF_IPTABLES is not user selectable anymore, thus, in order to
> set it as built-in (=y), I need to set the tables as =y.
Good, I was worried there was a functional regression here, but
this is more "matter of taste" then.
I thunk patch is fine, I will try to add the relevant
depends-on change some time in the near future.
