[arch-dev-public] [signoff] iptables 1.4.12-1
dpmcgee at gmail.com
Mon Jul 25 09:28:20 EDT 2011
On Sun, Jul 24, 2011 at 5:55 AM, Ronald van Haren <pressh at gmail.com> wrote:
> On Sat, Jul 23, 2011 at 9:46 PM, Ronald van Haren <pressh at gmail.com> wrote:
>> Op 23 jul. 2011 20:07 schreef "Dan McGee" <dpmcgee at gmail.com> het volgende:
>>> Upstream version bump, but much more worthy of testing due to the
>>> initscripts getting an overhaul.
>>> * No longer do we do manual clearing of rules, instead, empty state
>>> files for each table are used by iptables-restore now to clear out the
>>> tables. Please test stop/start/restarting of both iptables and
>>> ip6tables to make sure it works as appropriate.
>>> * Fix https://bugs.archlinux.org/task/24466 and resetting of
>>> ip_forward variable; this is now a deprecated feature in this package
>>> and we will never touch this value when stopping iptables.
>> You should have enabled static libs, there is a bug report for this. I'll
>> upload a new version when I'm at home.
> Never mind, it is not needed. Seems to be some upstream bug in the
> previous version which didn't show up when you enabled static libs.
> 1.4.12 is fine so it seems.
> Should we add a default value for ipv6 packet forwarding to sysctl.conf?
Not sure if you mean "added but commented out", or "enabled by
default". -1 to both from me- we definitely don't want to enable it by
default, but I don't see how this sysctl knob should get any more
special treatment than the other 300 ones. People will need to read up
on things to get it working, and the key names are mentioned in the
iptables conf.d file right now anyway.
More information about the arch-dev-public