A couple of weeks ago I finally got round to doing some major surgery on iptables-persistent.
First of all it is principally now called netfilter-persistent (although the source package hasn’t been renamed) and has a plugin architecture so that it can be extended by other packages. One of those packages is iptables-persistent; others may follow. This opens the way to fixing #662743 and #697088 (patches always welcome).
There’s also a new binary to handle loading/unloading of rules, instead of having all the logic in an init script. I was therefore able to add systemd support as a first-class unit, and I’d appreciate patches for an Upstart service (as I’m largely unfamiliar with it).
Plugins are simply dropped into /usr/share/netfilter-persistent/plugins.d and must follow certain minimum conventions, detailed in netfilter-persistent(1). They can be any executable, so compiled or interpreted binaries are acceptable.
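An example plugin for the drop-in mechanism described above, added here and not taken from the netfilter-persistent or iptables-persistent packages. It assumes the plugin is called with a single action argument (start, save, flush or stop; the authoritative contract is in netfilter-persistent(1)); the rules path and the `IPT_RESTORE`/`IPT_SAVE` override variables are hypothetical.

```shell
#!/bin/sh
# Example plugin, e.g. installed as plugins.d/50-example (hypothetical name).
# Assumption: netfilter-persistent passes one action argument per call:
# start, save, flush or stop. Check netfilter-persistent(1) for the contract.

RULES_FILE="${RULES_FILE:-/etc/example-plugin/rules.v4}"  # placeholder path
IPT_RESTORE="${IPT_RESTORE:-iptables-restore}"            # overridable (assumption)
IPT_SAVE="${IPT_SAVE:-iptables-save}"                     # overridable (assumption)

load_rules() {
    # Nothing saved yet is not an error; there is simply nothing to load.
    [ -f "$RULES_FILE" ] || { echo "no rules at $RULES_FILE, skipping" >&2; return 0; }
    # Parse-check first so a damaged file never replaces a working ruleset.
    "$IPT_RESTORE" --test < "$RULES_FILE" || {
        echo "refusing to load invalid $RULES_FILE" >&2
        return 1
    }
    "$IPT_RESTORE" < "$RULES_FILE"
}

save_rules() {
    # Write to a private temp file and rename it into place, so a failed
    # save never truncates the rules that will be loaded at next boot.
    tmp="$RULES_FILE.tmp.$$"
    ( umask 077; "$IPT_SAVE" > "$tmp" ) || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$RULES_FILE"
}

plugin_main() {
    case "$1" in
        start) load_rules ;;
        save)  save_rules ;;
        flush|stop)
            # Left as a no-op: whether to clear rules or set a default-deny
            # policy on flush/stop is a site decision this example does not make.
            echo "action '$1' not implemented by this example" >&2 ;;
        *)
            echo "usage: $0 start|save|flush|stop" >&2
            return 2 ;;
    esac
}

# Run only when an action was supplied, as the plugin runner would do.
if [ "$#" -gt 0 ]; then plugin_main "$@"; fi
```

Plugins run with the privileges of the caller, normally root, so the plugin file and the saved rules should be writable by root only.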
This release finally gets the magic 1.0 identifier. It reaches Jessie today, and is already in Ubuntu Utopic.