Hi Eddi,

On 07/12/2025 23:16, Edmund H. Ramm wrote:
Hello Jerome,

    after I compiled a kernel with "Netfilter legacy tables support" enabled,
firehol works with iptables-legacy, iptables-legacy-restore and
iptables-legacy-save.

good to know.


    But it is a ticking time-bomb. Should the kernel people one day decide
to drop "Netfilter legacy tables support" (like the Debian people decided
to drop i386 support),

We are dealing here with two very different kinds of support with different
supports: the former depends on the Linux team, the latter on the Debian team.
The code for the Netfilter stuff is very likely to stay and its support to go stale,
as this stuff has been deprecated in favor of the nf version.

 firehol won't start any longer, because iptables-legacy
won't find the module ip_tables.ko.

It is recommended to build and to tune your own kernel.



    I think it would be more flexible if the firehol installation script
detects the actual ip filtering method used (legacy or nf) and selects the
proper iptables commands (with or without "legacy") based on its findings.

Firehol actually works only with the legacy method.
Support for the nf method may ask for a full recoding.


    If you don't have further concerns, you may consider the "bug" solved.

Indeed. But I will not close it now because I will first see whether ip_tables.ko
can still be present in the linux-image packages.
Furthermore, I may add a comment in the Debian README file.


    Thank you very much for your support and patience.

likewise,
bon courage,
Jerome


    Yours sincerely,

       Eddi ._._.

--
Jerome BENOIT | calculus+at-rezozer^dot*net
https://qa.debian.org/[email protected]
AE28 AE15 710D FF1D 87E5  A762 3F92 19A6 7F36 C68B
