On Mon, Jul 25, 2011 at 1:28 PM, Dan McGee <dpmcgee@gmail.com> wrote:
On Sun, Jul 24, 2011 at 5:55 AM, Ronald van Haren <pressh@gmail.com> wrote:
On Sat, Jul 23, 2011 at 9:46 PM, Ronald van Haren <pressh@gmail.com> wrote:
Op 23 jul. 2011 20:07 schreef "Dan McGee" <dpmcgee@gmail.com> het volgende:
Upstream version bump, but much more worthy of testing due to the initscripts getting an overhaul.
* No longer do we do manual clearing of rules, instead, empty state files for each table are used by iptables-restore now to clear out the tables. Please test stop/start/restarting of both iptables and ip6tables to make sure it works as appropriate. * Fix https://bugs.archlinux.org/task/24466 and resetting of ip_forward variable; this is now a deprecated feature in this package and we will never touch this value when stopping iptables.
-Dan
You should have enabled static libs, there is a bug report for this. I'll upload a new version when I'm at home.
Ronald
Never mind, it is not needed. Seems to be some upstream bug in the previous version which didn't show up when you enabled static libs. 1.4.12 is fine so it seems.
Should we add a default value for ipv6 packet forwarding to sysctl.conf? Not sure if you mean "added but commented out", or "enabled by default". -1 to both from me- we definitely don't want to enable it by default, but I don't see how this sysctl knob should get any more special treatment than the other 300 ones. People will need to read up on things to get it working, and the key names are mentioned in the iptables conf.d file right now anyway.
-Dan
I actually meant disabled by default as that was what iptables was setting if I'm not mistaken. Anyway, instructions are in the new iptables config script so people should know about it when they upgrade (it may also just be the default when nothing is specified, didn't check for that). Also, signoff x86_64. Ronald