Bug#637796: iptables-persistent: init script too zealous ?

Andreas Rütten Fri, 25 Nov 2011 08:45:19 -0800

Hi,

looks like this file isn't always present, especially not after a boot.


I checked the following on my mostly empty sid VM:

root@debtesting:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux unstable (sid)
Release:        unstable
Codename:       sid
root@debtesting:~# 
root@debtesting:~#  ls -la /proc/net/ip_tables_names
ls: cannot access /proc/net/ip_tables_names: No such file or directory
root@debtesting:~# 
root@debtesting:~# iptables -v
iptables v1.4.12: no command specified
Try `iptables -h' or 'iptables --help' for more information.
root@debtesting:~# 
root@debtesting:~#  ls -la /proc/net/ip_tables_names
ls: cannot access /proc/net/ip_tables_names: No such file or directory
root@debtesting:~# 
root@debtesting:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
root@debtesting:~#  ls -la /proc/net/ip_tables_names
-r--r----- 1 root root 0 Nov 25 17:28 /proc/net/ip_tables_names
root@debtesting:~# 


It seems to be that the first call of iptables -L loads the module:


root@debtesting:~# lsmod | grep ip_tables
root@debtesting:~# 
root@debtesting:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
root@debtesting:~# 
root@debtesting:~# lsmod | grep ip_tables
ip_tables              17079  1 iptable_filter
x_tables               18055  2 iptable_filter,ip_tables
root@debtesting:~# 


So the question is: Do we need to check if the module is already loaded
when the first call of iptables-restore will load the module
automatically?

root@debtesting:~# lsmod | grep ip_tables
root@debtesting:~# 
root@debtesting:~# iptables-restore < /tmp/test 
root@debtesting:~# 
root@debtesting:~# lsmod | grep ip_tables
ip_tables              17079  1 iptable_filter
x_tables               18055  2 iptable_filter,ip_tables
root@debtesting:~# 


This works if /tmp/test is a valid file for iptables-restore.


Regards,
Andreas

-- 
Andreas Rütten
mailto : andreasruet...@gmx.de
PGP, 6C9DFFB2, 8394 99DA 59BD BCE2 3FC8  3A9E 6633 0089 6C9D FFB2
--

signature.asc
Description: PGP signature

Bug#637796: iptables-persistent: init script too zealous ?

Reply via email to