<!DOCTYPE html>

<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

  </head>

  <body>

    Is this going in slightly the wrong direction? Documenting the

    variables may be a nice idea, but isn't the method of setting them

    by editing the config.mk a bit off? Can't you just do something

    like:<br>

    <br>

    HAVE_NFTABLES=true make<br>

    <br>

    or<br>

    <br>

    export HAVE_NFTABLES=true<br>

    make<br>

    <br>

    <div class="moz-cite-prefix">On 23/09/2023 15:58, manfred wrote:<br>

    </div>

    <blockquote type="cite"

      cite="mid:6f68992c-2946-09cf-17a8-31e4920a984e@gmail.com">As a

      suggestion, it may be useful for config.mk to have a comment list

      of USE_* and HAVE_* variables that may be enabled in the right

      place.

      <br>

      <br>

      <br>

      On 9/23/2023 10:50 AM, manfred wrote:

      <br>

      <blockquote type="cite">mk/defaults/linux.mk has this:

        <br>

        <br>

        ifneq ($(HAVE_NFTABLES), true)

        <br>

           HAVE_IPTABLES ?= true

        <br>

        endif

        <br>

        <br>

        So, most likely you have to define:

        <br>

        <br>

        HAVE_NFTABLES ?= true

        <br>

        <br>

        early in config.mk.

        <br>

        <br>

        <br>

        On 9/23/2023 8:49 AM, Armen Dilanyan wrote:

        <br>

        <blockquote type="cite">Can you please specify what needs to be

          edited in the mk/config.mk file?

          <br>

          Remove the lines from the file:

          <br>

          /*-e "s:@HAVE_IPTABLES@:$(HAVE_IPTABLES):g" \*/

          <br>

          and

          <br>

          /*# iptables for CAT, or NFLOG, look, barf, verify*/

          <br>

          /*HAVE_IPTABLES ?= false*/

          <br>

          /*ifeq ($(HAVE_IPTABLES),true)*/

          <br>

          /*USERLAND_CFLAGS += -DHAVE_IPTABLES*/

          <br>

          /*endif*/

          <br>

          23.09.2023, 18:24, "Paul Wouters" <a class="moz-txt-link-rfc2396E" href="mailto:paul@nohats.ca"><paul@nohats.ca></a>:

          <br>

          <br>

              There is an option to build with nftables that can be

          enabled. See

          <br>

              mk/config.mk

          <br>

          <br>

              Sent using a virtual keyboard on a phone

          <br>

          <br>

                    On Sep 23, 2023, at 05:24, Armen Dilanyan

          <<a class="moz-txt-link-abbreviated" href="mailto:ad@2ip.am">ad@2ip.am</a>

          <br>

                  <a class="moz-txt-link-rfc2396E" href="mailto:ad@2ip.am"><mailto:ad@2ip.am></a>> wrote:

          <br>

          <br>

          <br>

                    Hello dear community,

          <br>

          <br>

                    I would like to discuss an important matter with

          you.

          <br>

          <br>

                    Currently, Libreswan has a dependency on the

          iptables package.

          <br>

                  However, in recent versions of the GNU/Debian

          operating system,

          <br>

                  iptables is no longer installed by default, and it has

          been

          <br>

                  replaced by nftables. The developers of netfilter are

          planning

          <br>

                  to fully replace iptables with nftables in the future.

          <br>

                  Installing both iptables and nftables simultaneously

          may not be

          <br>

                  practical.

          <br>

          <br>

                    My question is whether Libreswan is considering the

          <br>

                  possibility of removing its dependency on iptables and

          <br>

                  transitioning to using nftables. Is it possible to

          build the

          <br>

                  Libreswan package from source without the iptables

          dependency?

          <br>

          <br>

                    I appreciate your attention to this matter and look

          forward to

          <br>

                  hearing your insights.

          <br>

                    _______________________________________________

          <br>

                    Swan mailing list

          <br>

                  <a class="moz-txt-link-abbreviated" href="mailto:Swan@lists.libreswan.org">Swan@lists.libreswan.org</a>

          <a class="moz-txt-link-rfc2396E" href="mailto:Swan@lists.libreswan.org"><mailto:Swan@lists.libreswan.org></a>

          <br>

                  <a class="moz-txt-link-freetext" href="https://lists.libreswan.org/mailman/listinfo/swan">https://lists.libreswan.org/mailman/listinfo/swan</a>

          <br>

          <a class="moz-txt-link-rfc2396E" href="https://lists.libreswan.org/mailman/listinfo/swan"><https://lists.libreswan.org/mailman/listinfo/swan></a>

          <br>

          <br>

          <br>

          _______________________________________________

          <br>

          Swan mailing list

          <br>

          <a class="moz-txt-link-abbreviated" href="mailto:Swan@lists.libreswan.org">Swan@lists.libreswan.org</a>

          <br>

          <a class="moz-txt-link-freetext" href="https://lists.libreswan.org/mailman/listinfo/swan">https://lists.libreswan.org/mailman/listinfo/swan</a>

          <br>

        </blockquote>

      </blockquote>

      _______________________________________________

      <br>

      Swan mailing list

      <br>

      <a class="moz-txt-link-abbreviated" href="mailto:Swan@lists.libreswan.org">Swan@lists.libreswan.org</a>

      <br>

      <a class="moz-txt-link-freetext" href="https://lists.libreswan.org/mailman/listinfo/swan">https://lists.libreswan.org/mailman/listinfo/swan</a>

      <br>

    </blockquote>

    <br>

  </body>

</html>