On Fri, Jan 9, 2026 at 10:35 AM Mikko Rapeli <[email protected]> wrote:
> A lot of the netfilter kernel features selected here > get effectively disabled if NETFILTER_XTABLES_LEGACY is > not enabled. In many cases nftables/xtables userspace > tooling can replace iptables, but there may be gaps > which are not tested. Hence enable the legacy support > for now. > As I did for the recent Xen issue, I'd rather not do this. As we get warnings and valid use cases for the symbols, I'm dragging them forward to their new value. Running into these types of migration and update issues is the best way I can find out over time which ones are actually being used. Bruce > > Signed-off-by: Mikko Rapeli <[email protected]> > --- > features/netfilter/netfilter.cfg | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/features/netfilter/netfilter.cfg > b/features/netfilter/netfilter.cfg > index 7f76c92c425d..57ffd0373a41 100644 > --- a/features/netfilter/netfilter.cfg > +++ b/features/netfilter/netfilter.cfg > @@ -37,6 +37,8 @@ CONFIG_NETFILTER_XT_TARGET_MARK=m > CONFIG_NETFILTER_XT_TARGET_NFLOG=m > CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m > # CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set > + > +CONFIG_NETFILTER_XTABLES_LEGACY=y > CONFIG_NETFILTER_XT_TARGET_TRACE=m > CONFIG_NETFILTER_XT_TARGET_TCPMSS=m > CONFIG_NETFILTER_XT_MATCH_COMMENT=m > -- > 2.34.1 > > -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#16156): https://lists.yoctoproject.org/g/linux-yocto/message/16156 Mute This Topic: https://lists.yoctoproject.org/mt/117176773/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/linux-yocto/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
