Hi Michael,
I've already merged it upstream, although I'm not sure whether there
will be an officially updated 1.8.8 version, as I'm retiring 1.8
ASAP.... But at least the next 1.9 will have the patch included...
cheers,
Arno
Michael Hanke wrote:
Hi,
[ CC'ing upstream (Hi Arno!). Full quote below. ]
Thanks a lot for the patch, I will add it to the package as soon as I'm
back at work (next week).
Cheers,
Michael
On Tue, Aug 05, 2008 at 01:27:14AM +0100, Chris Lamb wrote:
Package: arno-iptables-firewall
Version: 1.8.8.o-2
Tags: patch
Hi,
Please append "$network" to arno-iptables-firewall's LSB Required-Start and
Required-Stop lines.
When using a concurrent boot method, I have experienced race conditions
whereby the interface is not fully configured before arno-iptables-firewall
starts (for example, due to a slow-responding DHCP server or by having a
number of interfaces to configure).
This does not affect arno-iptables-firewall in its default shipped state as
/sbin/iptables will happily add rules to unconfigured interfaces. However,
plugins that use commands such as /sbin/ip and friends (including the
shipped multiroute plugin) and anything that relies on an IP address being
assigned will race with the "ifup" calls. (I encountered this with a custom
plugin of mine, not with multiroute, however.)
Patch attached.
Regards,
--
Chris Lamb, UK [EMAIL PROTECTED]
GPG: 0x634F9A20
diff -urNad arno-iptables-firewall-1.8.8.o.orig/arno-iptables-firewall
arno-iptables-firewall-1.8.8.o/arno-iptables-firewall
--- arno-iptables-firewall-1.8.8.o.orig/arno-iptables-firewall 2008-08-05
01:01:52.000000000 +0100
+++ arno-iptables-firewall-1.8.8.o/arno-iptables-firewall 2008-08-05
01:02:05.000000000 +0100
@@ -5,8 +5,8 @@
### BEGIN INIT INFO
# Provides: arno-iptables-firewall
-# Required-Start: $syslog $local_fs
-# Required-Stop: $syslog $local_fs
+# Required-Start: $syslog $local_fs $network
+# Required-Stop: $syslog $local_fs $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Setup iptables firewall configuration
