Hi,

I will just merge this and then we will see during testing of the Core Update.

What could possibly go wrong?

Best,
-Michael

> On 4 Mar 2019, at 06:54, ummeegge wrote:
>
> Hi Michael,
>
> On So, 2019-03-03 at 16:04 +0000, Michael Tremer wrote:
>> Hi,
>>
>> This release of iptables has some interesting changes:
>>
>> We now have multiple binaries with -legacy in name.
> Yes I was also a little in wonder about that although it looked a
> little like a helper tool if nftables and iptables running at the same
> time. Looking at linuxfromscratch -->
> http://www.linuxfromscratch.org/blfs/view/8.3/postlfs/iptables.html
> if '--disable-nftables' has been set, there are no *-legacy* binaries
> listed under "Installed Programs:".
> There is also the xtables-legacy-multi binary and looking into the
> nftables-wiki -->
> https://wiki.nftables.org/wiki-nftables/index.php/Legacy_xtables_tools
> (please check the 'link to a summary') it appears that all setsockopt
> based tools are all now considered as 'legacy'.
>
>>
>> Did you test this? Is there anything we need to think about?
> Am running iptables-1.8.2 currently with a backup of my production
> machine with ~ 50 rules and a vast IPset configuration (firewall.local)
> and I haven't recognized problems.
>
> Some other tests I made:
> Made also a diff between 'iptables-legacy-save' and 'iptables-save'
> whereby the output seems to be pretty much the same.
> Moved then also all iptables-legacy* binaries away, restarted the
> machine and all seems to work as it should.
>
> Since it is a little a sensible update, it is great to go for some more
> overviews/testings/thinking_abouts.
>
> Best,
>
>
> Erik
>
>>
>> -Michael
>>
>>> On 3 Mar 2019, at 08:09, Erik Kapfer wrote:
>>>
>>> netfilter-layer7 has also been updated to v2.23 .
>>>
>>> Signed-off-by: Erik Kapfer
>>> ---
>>> config/rootfiles/common/iptables | 19 ++++++++++++-------
>>> lfs/iptables | 17 +++++++++--------
>>> 2 files changed, 21 insertions(+), 15 deletions(-)
>>> >>> diff --git a/config/rootfiles/common/iptables >>> b/config/rootfiles/common/iptables >>> index d7584c0ad..9aa9e51cb 100644 >>> --- a/config/rootfiles/common/iptables >>> +++ b/config/rootfiles/common/iptables >>> @@ -17,12 +17,8 @@ lib/libiptc.so.0.0.0 >>> #lib/libxtables.la >>> lib/libxtables.so >>> lib/libxtables.so.12 >>> -lib/libxtables.so.12.0.0 >>> +lib/libxtables.so.12.2.0 >>> #lib/xtables >>> -lib/xtables/libebt_802_3.so >>> -lib/xtables/libebt_ip.so >>> -lib/xtables/libebt_log.so >>> -lib/xtables/libebt_mark_m.so >>> lib/xtables/libip6t_DNAT.so >>> lib/xtables/libip6t_DNPT.so >>> lib/xtables/libip6t_HL.so >>> @@ -109,7 +105,6 @@ lib/xtables/libxt_layer7.so >>> lib/xtables/libxt_length.so >>> lib/xtables/libxt_limit.so >>> lib/xtables/libxt_mac.so >>> -lib/xtables/libxt_mangle.so >>> lib/xtables/libxt_mark.so >>> lib/xtables/libxt_multiport.so >>> lib/xtables/libxt_nfacct.so >>> @@ -136,14 +131,20 @@ lib/xtables/libxt_tos.so >>> lib/xtables/libxt_u32.so >>> lib/xtables/libxt_udp.so >>> sbin/ip6tables >>> +sbin/ip6tables-legacy >>> +sbin/ip6tables-legacy-restore >>> +sbin/ip6tables-legacy-save >>> sbin/ip6tables-restore >>> sbin/ip6tables-save >>> sbin/iptables >>> +sbin/iptables-legacy >>> +sbin/iptables-legacy-restore >>> +sbin/iptables-legacy-save >>> sbin/iptables-restore >>> sbin/iptables-save >>> sbin/iptables-xml >>> #sbin/nfnl_osf >>> -sbin/xtables-multi >>> +sbin/xtables-legacy-multi >>> #usr/include/libipq.h >>> #usr/include/libiptc >>> #usr/include/libiptc/ipt_kernel_headers.h >>> @@ -178,5 +179,9 @@ sbin/xtables-multi >>> #usr/share/man/man8/iptables-save.8 >>> #usr/share/man/man8/iptables.8 >>> #usr/share/man/man8/nfnl_osf.8 >>> +#usr/share/man/man8/xtables-legacy.8 >>> +#usr/share/man/man8/xtables-monitor.8 >>> +#usr/share/man/man8/xtables-nft.8 >>> +#usr/share/man/man8/xtables-translate.8 >>> #usr/share/xtables >>> usr/share/xtables/pf.os >>> diff --git a/lfs/iptables b/lfs/iptables >>> index b4a2834b8..17817a9ef 100644 
>>> --- a/lfs/iptables >>> +++ b/lfs/iptables >>> @@ -1,7 +1,7 @@ >>> ################################################################### >>> ############ >>> # >>> # >>> # IPFire.org - A linux based >>> firewall # >>> -# Copyright (C) 2007-2018 IPFire Team >>> # >>> +# Copyright (C) 2007-2019 IPFire Team >>> # >>> # >>> # >>> # This program is free software: you can redistribute it and/or >>> modify # >>> # it under the terms of the GNU General Public License as published >>> by # >>> @@ -24,7 +24,7 @@ >>> >>> include Config >>> >>> -VER = 1.6.2 >>> +VER = 1.8.2 >>> >>> THISAPP = iptables-$(VER) >>> DL_FILE = $(THISAPP).tar.bz2 >>> @@ -36,13 +36,13 @@ TARGET = $(DIR_INFO)/$(THISAPP) >>> # Top-level Rules >>> ################################################################### >>> ############ >>> objects = $(DL_FILE) \ >>> - netfilter-layer7-v2.22.tar.gz >>> + netfilter-layer7-v2.23.tar.gz >>> >>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE) >>> -netfilter-layer7-v2.22.tar.gz = $(URL_IPFIRE)/netfilter-layer7- >>> v2.22.tar.gz >>> +netfilter-layer7-v2.23.tar.gz = $(URL_IPFIRE)/netfilter-layer7- >>> v2.23.tar.gz >>> >>> -$(DL_FILE)_MD5 = 7d2b7847e4aa8832a18437b8a4c1873d >>> -netfilter-layer7-v2.22.tar.gz_MD5 = >>> 98dff8a3d5a31885b73341633f69501f >>> +$(DL_FILE)_MD5 = 944558e88ddcc3b9b0d9550070fa3599 >>> +netfilter-layer7-v2.23.tar.gz_MD5 = >>> 10910b6173d18e426cb56ae7e1300eeb >>> >>> install : $(TARGET) >>> >>> @@ -75,8 +75,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >>> @cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) >>> >>> # Layer7 >>> - cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7- >>> v2.22.tar.gz >>> - cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7- >>> v2.22/iptables-1.4.3forward-for-kernel-2.6.20forward/* \ >>> + cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7- >>> v2.23.tar.gz >>> + cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7- >>> v2.23/iptables-1.4.3forward-for-kernel-2.6.20forward/* \ >>> ./extensions/ >>> >>> # imq 
>>> @@ -88,6 +88,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >>> --libdir=/lib \ >>> --includedir=/usr/include \ >>> --enable-libipq \ >>> + --with-xtlibdir=/lib/xtables \ >>> --libexecdir=/lib \ >>> --bindir=/sbin \ >>> --sbindir=/sbin \ >>> -- >>> 2.12.2 >>> >> >> >
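Review bot: in config/rootfiles/common/iptables, the hunks at '@@ -17,12 +17,8 @@' and '@@ -109,7 +105,6 @@' drop the four 'lib/xtables/libebt_*.so' extensions and 'lib/xtables/libxt_mangle.so', but the commit message only mentions the netfilter-layer7 update. Please add a line saying why these modules are no longer shipped, and confirm that no rule in the firewall scripts loads one of them, since a missing extension makes the rule that uses it fail to load.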
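Review bot: in the '@@ -136,14 +131,20 @@' hunk of config/rootfiles/common/iptables, 'sbin/xtables-multi' is replaced by 'sbin/xtables-legacy-multi' while the unsuffixed names ('sbin/iptables', 'sbin/iptables-restore', ...) stay listed next to the new '-legacy' ones. Two things to settle before merging: whether the old 'sbin/xtables-multi' (and 'lib/libxtables.so.12.0.0' from the first hunk) get removed on upgraded systems by the Core Update, and whether the six '-legacy' entries need to ship at all, given the test report in this thread that the system worked with them moved away. A short comment in the commit message on which names are expected to be used would help.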
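Review bot: in lfs/iptables at '@@ -36,13 +36,13 @@', the two new tarballs are pinned only by the '$(DL_FILE)_MD5' and 'netfilter-layer7-v2.23.tar.gz_MD5' values. MD5 is not collision-resistant, so for a firewall component it is worth stating in the commit message that the iptables-1.8.2 tarball was checked against the upstream release signature or a stronger published digest before this MD5 was recorded, and where the repacked netfilter-layer7-v2.23 archive on $(URL_IPFIRE) came from.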
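Review bot: in lfs/iptables at '@@ -88,6 +88,7 @@', '--with-xtlibdir=/lib/xtables' is added without explanation although '--libdir=/lib' is already set. Please note in the commit message what broke without it. The visible configure options also do not show whether the nft backend is enabled or disabled, while the rootfile now carries 'xtables-nft.8' and 'xtables-translate.8' man page entries; stating the intended backend explicitly would answer the question about the '-legacy' binaries raised in the reply.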
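The comparison of 'iptables-legacy-save' and 'iptables-save' output mentioned in the thread, as an added example that is not part of the original mails or of the IPFire tree: two dumps of the same ruleset always differ in their timestamp comments and packet counters, so they are normalised before comparing. The function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): compare two iptables-save style dumps.

# Drop comment lines (tool version and timestamp), zero the [packets:bytes]
# counters and trim trailing blanks, so only tables, chains and rules remain.
normalize_ruleset() {
    sed -e '/^#/d' \
        -e 's/\[[0-9][0-9]*:[0-9][0-9]*\]/[0:0]/g' \
        -e 's/[[:space:]]*$//' "$1"
}

# Exit status 0 when both dumps describe the same ruleset, 1 otherwise.
rulesets_match() {
    [ "$(normalize_ruleset "$1")" = "$(normalize_ruleset "$2")" ]
}

# Constructed sample dumps standing in for the output of the two save tools.
tmp=$(mktemp -d)
cat > "$tmp/legacy.rules" <<'EOF'
# Generated by iptables-save v1.8.2 on Mon Mar  4 06:00:01 2019
*filter
:INPUT DROP [12:720]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [340:51234]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Mon Mar  4 06:00:01 2019
EOF
# Same rules saved a few seconds later: only timestamps and counters differ.
sed -e 's/06:00:01/06:00:09/' -e 's/\[12:720\]/[15:900]/' \
    "$tmp/legacy.rules" > "$tmp/current.rules"
# A dump that silently lost the loopback rule.
grep -v -- '-i lo' "$tmp/legacy.rules" > "$tmp/broken.rules"

for f in current broken; do
    if rulesets_match "$tmp/legacy.rules" "$tmp/$f.rules"; then
        echo "$f: same ruleset as legacy dump"
    else
        echo "$f: DIFFERS from legacy dump"
    fi
done
```

On a test machine the two input files would be the saved output of the two tools, taken before and after the update.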