Your message dated Fri, 19 Oct 2018 07:51:16 +0000 with message-id <[email protected]> and subject line Bug#780738: fixed in iptables-persistent 1.0.9 has caused the Debian Bug report #780738, regarding save action from init script fails when ipv6 disabled to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 780738: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780738 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: iptables-persistent Version: 1.0.3 Despite configuring a system not to use ipv6, the script from iptables-persistent fails to complete properly and save just the ipv4 rules. There are a couple problems: (1) Tries to load ipv6 module load in ../plugins.d/25-ip6tables while the script runs under "set -e" but some systems will have e.g. "install ip6table_filter /bin/true" in modprobe.conf and the modprobe will fail. save_rules() correctly tests for /proc/net/ip6_tables_names to skip but won't even get that far due to "set -e" as in: $ sudo bash -x 25-ip6tables save || echo failed + set -e + rc=0 + case "$1" in + save_rules + /sbin/modprobe -q ip6table_filter failed (2) Even if we allow the modules to install, we still have issue because of ipv6.disable=1 on /proc/cmdline, e.g.: $ sudo bash -x 25-ip6tables save || echo failed + set -e + rc=0 + case "$1" in + save_rules + /sbin/modprobe -q ip6table_filter + '[' '!' -f /proc/net/ip6_tables_names ']' + '[' -x /sbin/ip6tables-save ']' + ip6tables-save ip6tables-save v1.4.21: Cannot initialize: Address family not supported by protocol failed (and for completeness, in case it's relevant:) $ sudo debconf-show iptables-persistent * iptables-persistent/autosave_v6: false * iptables-persistent/autosave_v4: true Since the running kernel lacking v6 means save/load failure is not an error that iptables-persist needs to notify the user about (he likely knows already that ipv6 is disabled completely in kernel), I would suggest not even warning about this, and just skip, e.g.: test -e /proc/sys/net/ipv6 || { true; exit; } as first line of 25-ip6tables script (prior to "set -e").
--- End Message ---
--- Begin Message ---Source: iptables-persistent Source-Version: 1.0.9 We believe that the bug you reported is fixed in the latest version of iptables-persistent, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. gustavo panizzo <[email protected]> (supplier of updated iptables-persistent package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 19 Oct 2018 01:13:04 +0000 Source: iptables-persistent Binary: netfilter-persistent iptables-persistent ipset-persistent Architecture: all source Version: 1.0.9 Distribution: unstable Urgency: medium Maintainer: Jonathan Wiltshire <[email protected]> Changed-By: gustavo panizzo <[email protected]> Closes: 720110 748267 780738 794037 859015 Description: ipset-persistent - boot-time loader for netfilter rules, ipset plugin iptables-persistent - boot-time loader for netfilter rules, iptables plugin netfilter-persistent - boot-time loader for netfilter configuration Changes: iptables-persistent (1.0.9) unstable; urgency=medium . * [7348f0] Exit fast if IPv6 is disabled. Thanks to Scott Smemsh (Closes: #780738) * [fe7575] Do not load blacklisted modules. Thanks to Jonathan Thibault (Closes: #748267) * [07df20] Do not fail the scripts if modprobe fails. Thanks to Nye Liu and Marc MAURICE (Closes: #794037, #720110) * [a11723] Do not discard stderr from *-save and *-restore commands. Thanks to Tony Finch (Closes: #859015) * [3f8f61] Remove trailing space in debian/rules Checksums-Sha1: 264ea8ee9ba03439e3f92b20c1c991c0710dad27 1336 iptables-persistent_1.0.9.dsc 923592458b2fc13cafc4d9eada3250f7f8ea3627 15476 iptables-persistent_1.0.9.tar.xz 738433d267531667fba88be59104a34f9730a908 8340 ipset-persistent_1.0.9_all.deb c5083abeaeb7a60483060aa8830a353c83964e12 11392 iptables-persistent_1.0.9_all.deb 4731e23d67d6b34e0d4e859f914173c4fc0b60d5 5103 iptables-persistent_1.0.9_arm64.buildinfo 287fbd7878e9f7ff6f492f443868d96f7659d968 9740 netfilter-persistent_1.0.9_all.deb Checksums-Sha256: b107bc037f74e9130137e124a6ff7e14764ed8b250f72277352e643925ebd43d 1336 iptables-persistent_1.0.9.dsc a2c9b24464e0dbaeb79b1fd4599e665348aa679822a160ef8af65e965c99c37e 15476 iptables-persistent_1.0.9.tar.xz feacf5abccb8f9ea7249e1f84e76116d090a6796d33781bb81c3586cdc02b1db 8340 ipset-persistent_1.0.9_all.deb 335be2171f05fd9ccae729d51c3182b5199e4072d8046f1c37e05f36d422aa44 11392 iptables-persistent_1.0.9_all.deb 18a22e48aaa6936e34f86247a9ec0751d482aefc3e7551248a17815d9dd74e21 5103 iptables-persistent_1.0.9_arm64.buildinfo 79d8d4282047687ecd0ba0071b211fe7ef88909d41408c73d11c4f6035b7c15c 9740 netfilter-persistent_1.0.9_all.deb Files: 329fca6e54e392e4525b0abd16e16228 1336 admin optional iptables-persistent_1.0.9.dsc 447ed5a6fb99c2f7b97f18622696bc87 15476 admin optional iptables-persistent_1.0.9.tar.xz 0d086cccf7fd45ce1064ce71f868b98c 8340 admin optional ipset-persistent_1.0.9_all.deb 992f3b48f0ed6febd43ec2a2451968b7 11392 admin optional iptables-persistent_1.0.9_all.deb f8193b200e97d64982d95bfb698d0112 5103 admin optional iptables-persistent_1.0.9_arm64.buildinfo 4252acc0a17b0685b6afc744a686b546 9740 admin optional netfilter-persistent_1.0.9_all.deb -----BEGIN PGP SIGNATURE----- iIcEARYIAC8WIQRg9zD3ahsXzbLEOKIEKNKjvsfFMgUCW8mI9BEcZ2ZhQHp1bWJp LmNvbS5hcgAKCRAEKNKjvsfFMurHAQDV4j9SKa70W7oQD5BLf2euL3mSp+Z/vZc+ Z/kxD93L9QEAhF9YRW0esPUP85+iNTBGHSQcxpxmKs9+H8uuMTJ/+gg= =tpAZ -----END PGP SIGNATURE-----
--- End Message ---
