On Tue, 15 Jan 2013, Victor Julien wrote: > On 01/15/2013 10:11 AM, Jan Engelhardt wrote: > > > > On Tuesday 2013-01-15 06:09, Nick Edwards wrote: > > > >> WARNING: The state match is obsolete. Use conntrack instead. > >> > >> Getting these errors since upgrading to 1.4.17 > > > > It is a warning, not an error. (An error would not let use you > > the command at all.) > > > >> Am I right in assuming that : > >> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > >> must now become : > >> iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT > >> or does that not do the same thing? > > > > state is a redundant subset of conntrack (the latter was introduced around > > Linux 2.5.32) and shall go away. > > I think removing it is a bad idea. For years and years all docs, books, > tutorials and frontends (like my own) have worked with "state". The > change seems so trivial "s/-m state --state/-m conntrack --ctstate/g" > that it would appear keeping "state" around as an alias or compatibility > layer would require minimal effort. Why not keep it around? Actually, I have to agree. Why don't we keep "state" as an alias and accept the old syntax in "conntrack"? What's the compelling reason to break countless scripts? Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
