[arch-dev-public] [signoff] iptables 1.4.12-1
Ronald van Haren
pressh at gmail.com
Mon Jul 25 09:45:59 EDT 2011
On Mon, Jul 25, 2011 at 1:28 PM, Dan McGee <dpmcgee at gmail.com> wrote:
> On Sun, Jul 24, 2011 at 5:55 AM, Ronald van Haren <pressh at gmail.com> wrote:
>> On Sat, Jul 23, 2011 at 9:46 PM, Ronald van Haren <pressh at gmail.com> wrote:
>>> Op 23 jul. 2011 20:07 schreef "Dan McGee" <dpmcgee at gmail.com> het volgende:
>>>> Upstream version bump, but much more worthy of testing due to the
>>>> initscripts getting an overhaul.
>>>> * No longer do we do manual clearing of rules, instead, empty state
>>>> files for each table are used by iptables-restore now to clear out the
>>>> tables. Please test stop/start/restarting of both iptables and
>>>> ip6tables to make sure it works as appropriate.
>>>> * Fix https://bugs.archlinux.org/task/24466 and resetting of
>>>> ip_forward variable; this is now a deprecated feature in this package
>>>> and we will never touch this value when stopping iptables.
>>> You should have enabled static libs, there is a bug report for this. I'll
>>> upload a new version when I'm at home.
>> Never mind, it is not needed. Seems to be some upstream bug in the
>> previous version which didn't show up when you enabled static libs.
>> 1.4.12 is fine so it seems.
>> Should we add a default value for ipv6 packet forwarding to sysctl.conf?
> Not sure if you mean "added but commented out", or "enabled by
> default". -1 to both from me- we definitely don't want to enable it by
> default, but I don't see how this sysctl knob should get any more
> special treatment than the other 300 ones. People will need to read up
> on things to get it working, and the key names are mentioned in the
> iptables conf.d file right now anyway.
I actually meant disabled by default as that was what iptables was
setting if I'm not mistaken. Anyway, instructions are in the new
iptables config script so people should know about it when they
upgrade (it may also just be the default when nothing is specified,
didn't check for that).
Also, signoff x86_64.
More information about the arch-dev-public