James Morris wrote:

On Mon, 21 Jul 2008, Patrick McHardy wrote:

  

quoted

This is only the NETFILTER_ADVANCED=n default (for SECURITY=y).
The netfilter defaults for NETFILTER_ADVANCED=n should be m/y for
things that are needed by mainstream distributions for normal
usage.

I'm not sure how this is going to be used, James?
    

I think the idea now is that everything new is N by default, but the 
intention is to have this enabled in Fedora/RHEL.

Well, this option (NETFILTER_ADVANCED) was introduced specifically
so Linus doesn't have to go through and enable all the netfilter
options manually :)

The idea was that NETFILTER_ADVANCED=n enables everything needed
by mainstream distributions and hides the rest. We can certainly
change the default for this option, but that makes NETFILTER_ADVANCED
pretty much useless.

Patrick, would you please fix this up?  The only dev box I have access to 
at the moment doesn't boot with recent git (I think it's the macbook2 
issue).

Sure. I'd like to hear whether Linus still wants this changed though.