Control: forcemerge 839632 -1 On Mon, 2016-10-03 at 13:24 -0400, Matthew Gabeler-Lee wrote: > Package: src:linux > Version: 4.7.5-1 > Severity: normal > > The 4.7 kernel seems to have MASSIVELY changed how firewalls are allowed to > use conntrack modules by default, rendering many common firewall > configurations invalid in significant ways. > > This should be called out in the NEWS (possibly conditional on having some > common firewall tools installed or something?) so that administrators are > not caught by surprise. [...]
The kernel has warned about reliance on auto-loading conntrack helpers since 3.5, so this should not be surprising. Ben. -- Ben Hutchings Horngren's Observation: Among economists, the real world is often a special case.
signature.asc
Description: This is a digitally signed message part
