On Tuesday 2012-09-04 10:58, Pablo Neira Ayuso wrote:
>On Mon, Sep 03, 2012 at 10:29:40PM -0700, Maciej Żenczykowski wrote:
>[...]
>> > Not solved:
>> > 4. Since NOTRACK now always maps to CT, "-j NOTRACK"
>> > has become unusable on sufficiently old kernels.
>> > Should we even bother?
>>
>> Yes, we must, otherwise distros can't upgrade to latest iptables
>> without either patching or upgrading kernel.
>
>Why not? They will upgrade and they will start using the CT target
>sooner than any other, which seems good to me.
>
>We also need to add support for real_rev 0 of the CT target. Just to
>make sure that we don't break with old kernels.

Right; but is that not what might be described as "hypocritic"?
Even after adding support for CT.0, people still need >= 2.6.34.
Where is the non-breakage for them?

(I can't say I feel /too/ bad for the RHEL folks stuck with their
ancient 2.6.32 :-P )
(And don't tell me about backports, because in general, they don't
do that for NF.)