Hi,
On Wed, Oct 29, 2025 at 04:19:41PM +0100, Bastian Blank wrote:
> Control: reopen -1
>
> On Thu, Oct 23, 2025 at 08:21:43PM +0200, Ben Hutchings wrote:
> > There was an intentional change upstream: there is a new symbol
> > CONFIG_NETFILTER_XTABLES_LEGACY that iptables etc. depend on, and it is
> > off by default. But we certainly shouldn't break libvirt, so I think we
> > need to turn that back on for now.
>
> And this problem is actually unrelated. We don't actually set
> NETFILTER_XT_TARGET_MASQUERADE in our config. So it ends up disabled as
> we also override the default selection with NETFILTER_ADVANCED=y.
>
> | % git grep -E 'NETFILTER_ADVANCED|NETFILTER_XT_TARGET_MASQUERADE'
> | debian/config/config:CONFIG_NETFILTER_ADVANCED=y
> | %
maybe i get thinkgs wrong right now,but it still get enabled now,
because
/boot/config-6.17.6+deb14-amd64:CONFIG_NETFILTER_ADVANCED=y
/boot/config-6.17.6+deb14-amd64:CONFIG_NETFILTER_XT_TARGET_MASQUERADE=m
/boot/config-6.17.6+deb14-amd64:CONFIG_IP_NF_TARGET_MASQUERADE=m
and
config IP_NF_TARGET_MASQUERADE
tristate "MASQUERADE target support"
select NETFILTER_XT_TARGET_MASQUERADE
help
This is a backwards-compat option for the user's convenience
(e.g. when running oldconfig). It selects
NETFILTER_XT_TARGET_MASQUERADE.
Is this correct?
Regards,
Salvatore
