On 03/22/2013 04:37 PM, Stefan Berger wrote:
Linux netfilter at some point inverted the meaning of the
'--ctdir reply'
and newer netfilter implementations now expect '--ctdir original'
instead and vice-versa.
We probe for this netfilter change via a UDP message over loopback and 3
filtering rules applied to INPUT two times, one time with '--ctdir
original'
which should then work on 'fixed' netfilter and one other time with
'--ctdir reply' which should only work on the 'old' netfilter.
If neither one of the tests gets the data through, then the loopback
device
is probably not configured correctly. If both tests get the data through
something must be seriously wrong. In both of these two latter cases
no '--ctdir' will then be applied to the rules.
Are you going to let 1.0.4 sail without 'something like this'?