iptables-1.4 branch opened

Harald Welte

2006-01-21

Since we now have the x_tables kernel side code in the upcoming 2.6.16 series, I'm working on getting iptables-1.4.x done to actually take advantage of the new kernel's abilities.

The main reason why people are interested in this, is to get matches like 'state' and 'conntrack' working for IPv6. Even though 2.6.15 has nf_conntrack and thus state tracking for IPv6, you cannot really use it from ip6tables yet.

The same goes for all native x_tables matches and targets. However, I think we'll also release a new version of iptables-1.3.x just with 'state' and 'conntrack' support, since it gives a more stable foundation for production users than a completely new 1.4.x branch with hundreds of kilobytes of patches.