iptables

[Rocco Stanzione]

The iptables package hasn't seen any meaningful change in a very long time, 
while the upstream code and the corresponding netfilter code in the kernel 
have undergone something close to a revolution.  The current package is 
unnecessarily complicated and difficult to maintain.  When it was made, it 
was not as easy as it is now to get the features we want.  If we simply 
grabbed a current iptables tarball from netfilter.org and 
said "KERNEL_DIR=/path/to/linux/headers make;make install", we would get 
every single feature we're currently getting from our patch-o-matic build 
process, plus several more (string, policy and dccp for ipv4 and state, 
policy and connmark for ipv6), and we'd have a significantly smaller source 
package, since we don't have to include the (ancient) chunk of kernel source 
that's currently included, or the patch-o-matic patches.

I would like to part ways with Debian on the iptables package in the interest 
of simplifying the build process and moving forward with some of the new, 
very nice features available in modern kernels and userland tools.  This 
would also allow us to close at least half the bugs filed against the 
package.  Is there someone specific I should talk to about this?  Should it 
be expressed as a spec or a bug report, or am I on the right track?

Thanks,

Rocco