Hi Michael,

On Tue, 2019-03-05 at 09:47 +0000, Michael Tremer wrote:
> Hi,
>
> I will just merge this and then we will see during testing of the
> Core Update.

Have deleted all the *legacy* binaries and as before, no problems at all.
Should I send another patch without them?

>
> What could possibly go wrong?

Have currently no problems in focus. Have also built nftables (with
libnftnl with an extended iptables-1.8.2 version which incl. also
ebtables, arptables, the translation stuff and a lot more) to check there
for some possible usage of the *legacy* stuff. It is currently possible
to use both (iptables beneath nftables) which offers some funky new
possibilities :D but in there the same, did NOT need the *legacy*
binaries since all known iptables binaries are still present but possibly
I have missed/overseen something. At least all is working.

Best,

Erik

>
> Best,
> -Michael
>
> > On 4 Mar 2019, at 06:54, ummeegge wrote:
> >
> > Hi Michael,
> >
> > On Sun, 2019-03-03 at 16:04 +0000, Michael Tremer wrote:
> > > Hi,
> > >
> > > This release of iptables has some interesting changes:
> > >
> > > We now have multiple binaries with -legacy in name.
> >
> > Yes, I was also a little in wonder about that although it looked a
> > little like a helper tool if nftables and iptables are running at the
> > same time. Looking at linuxfromscratch -->
> > http://www.linuxfromscratch.org/blfs/view/8.3/postlfs/iptables.html
> > if '--disable-nftables' has been set, there are no *-legacy* binaries
> > listed under "Installed Programs:".
> > There is also the xtables-legacy-multi binary and looking into the
> > nftables-wiki -->
> > https://wiki.nftables.org/wiki-nftables/index.php/Legacy_xtables_tools
> >
> > (please check the 'link to a summary') it appears that all setsockopt
> > based tools are all now considered as 'legacy'.
> >
> > >
> > > Did you test this? Is there anything we need to think about?
> >
> > Am running iptables-1.8.2 currently with a backup of my production
> > machine with ~ 50 rules and a vast IPset configuration (firewall.local)
> > and I haven't recognized problems.
> >
> > Some other tests I made:
> > Made also a diff between 'iptables-legacy-save' and 'iptables-save'
> > whereby the output seems to be pretty much the same.
> > Moved then also all iptables-legacy* binaries away, restarted the
> > machine and all seems to work as it should.
> >
> > Since it is a little a sensible update, it is great to go for some more
> > overviews/testings/thinking_abouts.
> >
> > Best,
> >
> >
> > Erik
> >
> > >
> > > -Michael
> > >
> > > > On 3 Mar 2019, at 08:09, Erik Kapfer wrote:
> > > >
> > > > netfilter-layer7 has also been updated to v2.23.
> > > >
> > > > Signed-off-by: Erik Kapfer
> > > > ---
> > > > config/rootfiles/common/iptables | 19 ++++++++++++-------
> > > > lfs/iptables | 17 +++++++++--------
> > > > 2 files changed, 21 insertions(+), 15 deletions(-)
> > > >
> > > > diff --git a/config/rootfiles/common/iptables > > > > b/config/rootfiles/common/iptables > > > > index d7584c0ad..9aa9e51cb 100644 > > > > --- a/config/rootfiles/common/iptables > > > > +++ b/config/rootfiles/common/iptables > > > > @@ -17,12 +17,8 @@ lib/libiptc.so.0.0.0 > > > > #lib/libxtables.la > > > > lib/libxtables.so > > > > lib/libxtables.so.12 > > > > -lib/libxtables.so.12.0.0 > > > > +lib/libxtables.so.12.2.0 > > > > #lib/xtables > > > > -lib/xtables/libebt_802_3.so > > > > -lib/xtables/libebt_ip.so > > > > -lib/xtables/libebt_log.so > > > > -lib/xtables/libebt_mark_m.so > > > > lib/xtables/libip6t_DNAT.so > > > > lib/xtables/libip6t_DNPT.so > > > > lib/xtables/libip6t_HL.so
> > > > @@ -109,7 +105,6 @@ lib/xtables/libxt_layer7.so > > > > lib/xtables/libxt_length.so > > > > lib/xtables/libxt_limit.so > > > > lib/xtables/libxt_mac.so > > > > -lib/xtables/libxt_mangle.so > > > > lib/xtables/libxt_mark.so > > > > lib/xtables/libxt_multiport.so > > > > lib/xtables/libxt_nfacct.so > > > > @@ -136,14 +131,20 @@ lib/xtables/libxt_tos.so > > > > lib/xtables/libxt_u32.so > > > > lib/xtables/libxt_udp.so > > > > sbin/ip6tables > > > > +sbin/ip6tables-legacy > > > > +sbin/ip6tables-legacy-restore > > > > +sbin/ip6tables-legacy-save > > > > sbin/ip6tables-restore > > > > sbin/ip6tables-save > > > > sbin/iptables > > > > +sbin/iptables-legacy > > > > +sbin/iptables-legacy-restore > > > > +sbin/iptables-legacy-save > > > > sbin/iptables-restore > > > > sbin/iptables-save > > > > sbin/iptables-xml > > > > #sbin/nfnl_osf > > > > -sbin/xtables-multi > > > > +sbin/xtables-legacy-multi > > > > #usr/include/libipq.h > > > > #usr/include/libiptc > > > > #usr/include/libiptc/ipt_kernel_headers.h > > > > @@ -178,5 +179,9 @@ sbin/xtables-multi > > > > #usr/share/man/man8/iptables-save.8 > > > > #usr/share/man/man8/iptables.8 > > > > #usr/share/man/man8/nfnl_osf.8 > > > > +#usr/share/man/man8/xtables-legacy.8 > > > > +#usr/share/man/man8/xtables-monitor.8 > > > > +#usr/share/man/man8/xtables-nft.8 > > > > +#usr/share/man/man8/xtables-translate.8 > > > > #usr/share/xtables > > > > usr/share/xtables/pf.os > > > > diff --git a/lfs/iptables b/lfs/iptables > > > > index b4a2834b8..17817a9ef 100644 > > > > --- a/lfs/iptables > > > > +++ b/lfs/iptables 
> > > > @@ -1,7 +1,7 @@ > > > > ############################################################### > > > > #### > > > > ############ > > > > # > > > > > > > > # > > > > # IPFire.org - A linux based > > > > firewall # > > > > -# Copyright (C) 2007-2018 IPFire Team > > > > > > > > # > > > > +# Copyright (C) 2007-2019 IPFire Team > > > > > > > > # > > > > # > > > > > > > > # > > > > # This program is free software: you can redistribute it and/or > > > > modify # > > > > # it under the terms of the GNU General Public License as > > > > published > > > > by # > > > > @@ -24,7 +24,7 @@ > > > > > > > > include Config > > > > > > > > -VER = 1.6.2 > > > > +VER = 1.8.2 > > > > > > > > THISAPP = iptables-$(VER) > > > > DL_FILE = $(THISAPP).tar.bz2 > > > > @@ -36,13 +36,13 @@ TARGET = $(DIR_INFO)/$(THISAPP) > > > > # Top-level Rules > > > > ############################################################### > > > > #### > > > > ############ > > > > objects = $(DL_FILE) \ > > > > - netfilter-layer7-v2.22.tar.gz > > > > + netfilter-layer7-v2.23.tar.gz > > > > > > > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > > > -netfilter-layer7-v2.22.tar.gz = $(URL_IPFIRE)/netfilter- > > > > layer7- > > > > v2.22.tar.gz > > > > +netfilter-layer7-v2.23.tar.gz = $(URL_IPFIRE)/netfilter- > > > > layer7- > > > > v2.23.tar.gz > > > > > > > > -$(DL_FILE)_MD5 = 7d2b7847e4aa8832a18437b8a4c1873d > > > > -netfilter-layer7-v2.22.tar.gz_MD5 = > > > > 98dff8a3d5a31885b73341633f69501f > > > > +$(DL_FILE)_MD5 = 944558e88ddcc3b9b0d9550070fa3599 > > > > +netfilter-layer7-v2.23.tar.gz_MD5 = > > > > 10910b6173d18e426cb56ae7e1300eeb > > > > > > > > install : $(TARGET) 
> > > > > > > > @@ -75,8 +75,8 @@ $(TARGET) : $(patsubst > > > > %,$(DIR_DL)/%,$(objects)) > > > > @cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) > > > > > > > > # Layer7 > > > > - cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7- > > > > v2.22.tar.gz > > > > - cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7- > > > > v2.22/iptables-1.4.3forward-for-kernel-2.6.20forward/* \ > > > > + cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7- > > > > v2.23.tar.gz > > > > + cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7- > > > > v2.23/iptables-1.4.3forward-for-kernel-2.6.20forward/* \ > > > > ./extensions/ > > > > > > > > # imq > > > > @@ -88,6 +88,7 @@ $(TARGET) : $(patsubst > > > > %,$(DIR_DL)/%,$(objects)) > > > > --libdir=/lib \ > > > > --includedir=/usr/include \ > > > > --enable-libipq \ > > > > + --with-xtlibdir=/lib/xtables \ > > > > --libexecdir=/lib \ > > > > --bindir=/sbin \ > > > > --sbindir=/sbin \ > > > > -- > > > > 2.12.2 > > > > > > > > > > > >
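Review bot: The config/rootfiles/common/iptables hunks at @@ -17,12 +17,8 and @@ -109,7 +105,6 drop lib/xtables/libebt_802_3.so, libebt_ip.so, libebt_log.so, libebt_mark_m.so and libxt_mangle.so, but the commit message only mentions the netfilter-layer7 bump, so the disappearance of these extensions is undocumented. Please say in the commit message why they are no longer shipped with 1.8.2, and confirm that nothing in the tree still expects to load them from lib/xtables.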
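Review bot: In the @@ -136,14 +131,20 hunk of config/rootfiles/common/iptables the six new sbin/ip6tables-legacy* and sbin/iptables-legacy* entries are shipped uncommented while the unsuffixed sbin/iptables, sbin/iptables-restore and sbin/iptables-save names stay in the list, so the image gains a second set of entry points to the packet filter. If the -legacy names are not needed, prefix them with '#' the way '#sbin/nfnl_osf' is handled in the same hunk, which keeps the installed tool set minimal. The same hunk replaces sbin/xtables-multi with sbin/xtables-legacy-multi, so please also check that no script still calls the old name.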
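Review bot: The @@ -36,13 +36,13 hunk of lfs/iptables updates '$(DL_FILE)_MD5' and 'netfilter-layer7-v2.23.tar.gz_MD5', which leaves MD5 as the only integrity value visible here for two tarballs that are built into the firewall's packet filter tooling. MD5 is not collision resistant, so it catches a corrupted download but gives little assurance against a deliberately substituted archive. If the checksum handling in lfs can take a stronger digest, record one for both files, and where upstream publishes a signature for the iptables tarball, verify it before computing the new value.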
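Review bot: The new '--with-xtlibdir=/lib/xtables' line in the @@ -88,6 +88,7 hunk of lfs/iptables is not explained in the commit message, and '--libdir=/lib' is already passed two lines above it. Add a sentence stating what went wrong without the explicit extension directory in 1.8.2, so that a later version bump does not drop or change the option by guesswork.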
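The comparison of 'iptables-legacy-save' against 'iptables-save' mentioned in the thread is only meaningful once timestamps and packet counters are ignored. The following is an added example, not part of the original thread or of IPFire's code: a POSIX shell helper that normalises two save dumps before diffing them. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare two iptables-save style dumps, ignoring the parts
# that differ between any two runs (timestamps, packet/byte counters).

# normalize_ruleset: read a dump on stdin, print a comparable form.
normalize_ruleset() {
    sed -e '/^#/d' \
        -e 's/[[:space:]]*$//' \
        -e 's/^\(:[^ ]* [^ ]* \)\[[0-9]*:[0-9]*\]$/\1[0:0]/' \
        -e 's/^\[[0-9]*:[0-9]*\] //'
}

# rulesets_match FILE_A FILE_B: 0 if the rules are identical, 1 (plus a
# unified diff on stdout) if they differ, 2 on error.
rulesets_match() {
    cmp_dir=$(mktemp -d) || return 2
    normalize_ruleset < "$1" > "$cmp_dir/a"
    normalize_ruleset < "$2" > "$cmp_dir/b"
    diff -u "$cmp_dir/a" "$cmp_dir/b"
    cmp_rc=$?
    rm -rf "$cmp_dir"
    return "$cmp_rc"
}

# sample_dump STAMP COUNTER: constructed save output (not captured from a
# real firewall); chain and rule names are made up for the demonstration.
sample_dump() {
    cat <<EOF
# Generated by iptables-save v1.8.2 on Tue Mar  5 $1 2019
*filter
:INPUT DROP $2
:FORWARD DROP [0:0]
:CUSTOMINPUT - [0:0]
-A INPUT -j CUSTOMINPUT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Tue Mar  5 $1 2019
EOF
}

# Demo: same rules, different timestamps and counters -> reported as equal.
demo_dir=$(mktemp -d)
sample_dump 10:00:01 '[10:840]' > "$demo_dir/legacy"
sample_dump 10:00:07 '[52:6110]' > "$demo_dir/current"
if rulesets_match "$demo_dir/legacy" "$demo_dir/current"; then
    echo "rule sets identical"
else
    echo "rule sets differ"
fi
rm -rf "$demo_dir"
```

On a real system the two input files would be the saved output of `iptables-legacy-save` and `iptables-save`.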