iptables version upgrade timeline

Nish Aravamudan nish.aravamudan at gmail.com
Mon Nov 26 16:31:06 UTC 2018

Hi Paul,

On Sun, Nov 25, 2018 at 8:37 PM Paul David <paul.david at redbubble.com> wrote:
> Dear maintainers,
> We use the iptables package (currently version 1.6.1) from Ubuntu,
> currently we're running bionic.  However, there's a fix in upstream
> iptables as of release v1.6.2 which we want to use on our systems.
> Specifically, this commit:
> <

A couple of points to mention.

While the base upstream version of the Ubuntu package is 1.6.1, that does
not mean the contents of the source used to build the package are identical
to the upstream 1.6.1 (you can see by the version string suffix (-2ubuntu2)
that two Debian releases relative to the upstream have occurred, and two
Ubuntu releases relative to that second Debian release). Looking at the
changelog (`apt-get changelog iptables`), though, it does not appear any of
these involved any upstream backports, which is what you are asking for.

Looking at the upstream commit, this appears to be a new feature, not a
fix? That is, leveraging an upstream kernel change. You may want to read
over https://wiki.ubuntu.com/StableReleaseUpdates to understand what is and
is not considered appropriate for a SRU.

Finally, note that if/when iptables is merged in the Disco cycle, it will
move to 1.8.2-based, most likely, as that is the version in Debian unstable

> I noticed that on <https://packages.ubuntu.com/search?keywords=iptables>
> that bionic, cosmic and disco distributions all have the same version of
> iptables package, namely v1.6.1.
> My question is, can we expect this package to be updated in LTS at some
> point, or should we come up with another solution?  We could manually
> build a package with a patch in it, but we're leery of doing that in our
> production systems.

It is unlikely, IMO, that iptables will be bumped to 1.6.2 or later in any
already-released version of Ubuntu. Instead, a SRU of the above feature
could be requested, via a bug against the iptables source package:
https://bugs.launchpad.net/ubuntu/+source/iptables. However, without
knowing for sure this is a bugfix, I am not sure it satisfies the SRU
rules (it doesn't hurt to file the bug nonetheless). You might just get a
response of Wishlist-Invalid, or so.

