Mart Frauenlob wrote: > Mart Frauenlob wrote: >> Hello, >> >> today I installed iptables 1.4.5 and discovered my ruleset produces >> those warnings about intrapositioned negation: >> Using intrapositioned negation (`--option ! this`) is deprecated in >> favor of extrapositioned (`! --option this`). >> >> I haven't completely looked up the changelogs, but from what I've >> found on the internet, this was introduced with 1.4.3.1, right? >> >> However, my ruleset is automatically generated by a self written shell >> script, which I now need to change. >> It needs to work with any 2.6 kernel and with 2.4 kernels supporting >> iptables. >> As my testing options (hardware, time) are limited, I'm asking if >> someone knows: >> >> Will 2.4 kernels and older iptables versions accept the >> extrapositioned (`! --option this`) notation? >> If so, I can rewrite my script to always use extrapositioned syntax. >> Lot's of work, but ok... >> >> If not, what kernel / iptables versions do only understand the old >> deprecated way? >> So I can query for them and take the appropriate steps. >> >> Thanks a lot! > > > Nobody knows? > Well, I've found some old virtual machines, tested it with debian woody > and sarge, using kernel 2.4.18.bf2-4 and 2.6.18 and extrapositioned > negation does not seem to cause problems. > Am I right to assume, that all 2.4 kernels with iptables support - DON'T > have troubles using extrapositioned negation??? The kernel doesn't care about how you specify negation, its purely a userspace thing. So yes, it should work properly on any kernel version. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
