New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
iptables: 1.6.2 -> 1.8.2 #51252
iptables: 1.6.2 -> 1.8.2 #51252
Conversation
+ enabled BPF compiler by default since it is the future Changelog 1.8.0: https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.0.txt Changelog 1.8.1: https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.1.txt Changelog 1.8.2: https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.2.txt
Meh? What's wrong with brave |
@GrahamcOfBorg eval |
No attempt on x86_64-darwin (full log) The following builds were skipped because they don't evaluate on x86_64-darwin: iptables Partial log (click to expand)
|
Timed out, unknown build status on x86_64-linux (full log) Attempted: iptables Partial log (click to expand)
|
Success on aarch64-linux (full log) Attempted: iptables Partial log (click to expand)
|
@GrahamcOfBorg test firewall |
No attempt on aarch64-linux (full log) The following builds were skipped because they don't evaluate on aarch64-linux: tests.firewall Partial log (click to expand)
|
No attempt on x86_64-linux (full log) The following builds were skipped because they don't evaluate on x86_64-linux: tests.firewall Partial log (click to expand)
|
@GrahamcOfBorg build nixosTests.firewall |
No attempt on x86_64-darwin (full log) The following builds were skipped because they don't evaluate on x86_64-darwin: nixosTests.firewall Partial log (click to expand)
|
Timed out, unknown build status on x86_64-linux (full log) Attempted: nixosTests.firewall Partial log (click to expand)
|
Failure on aarch64-linux (full log) Attempted: nixosTests.firewall Partial log (click to expand)
|
@GrahamcOfBorg build iptables |
We should add |
Otherwise -lpcap gets propagated to reverse deps This can break strongswan build for example NixOS#51252 (comment)
Motivation for this change
Version bump
+ enabled BPF compiler by default since BPF is the future of Linux packet filtering.
It adds the
nfbpf_compile
command which compiles a PCAP expression into a BPF bytecode that can then be used in a rule.Changelog 1.8.0:
https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.0.txt
Changelog 1.8.1:
https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.1.txt
Changelog 1.8.2:
https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.2.txt
/cc @fpletz as maintainer
Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)nix path-info -S
before and after)