--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu
Hello release team
I'd like to fix the bugs #961589 and #963012 in Buster uploading
iptables-persistent 1.0.14 which is already in testing and backports.
The updated package has been part of backports since Oct 2019 without
report of problems, I personally use it on all systems I administer
without problems.
Besides fixing this 2 bugs this version changes the way iptables rules
are flush (to be better IMHO), allows to toggle the rule saving for
individual components (iptables, ip6tables and ipset) without changing
the defaults and setups the iptables, ip6tables and ipset services in
systemd using alternatives (See #926927)
I've attached a debdiff to this report
thanks!
-- System Information:
Debian Release: 10.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500,
'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-8-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8), LANGUAGE=en_US (charmap=UTF-8) (ignored: LC_ALL set to
en_US.UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru iptables-persistent-1.0.11/debian/changelog
iptables-persistent-1.0.14+deb10u1/debian/changelog
--- iptables-persistent-1.0.11/debian/changelog 2019-02-09 05:36:39.000000000
+0100
+++ iptables-persistent-1.0.14+deb10u1/debian/changelog 2020-06-21
21:12:04.000000000 +0200
@@ -1,3 +1,39 @@
+iptables-persistent (1.0.14+deb10u1) buster; urgency=medium
+
+ * Rebuild for buster-updates.
+
+ -- gustavo panizzo <g...@zumbi.com.ar> Sun, 21 Jun 2020 19:12:04 +0000
+
+iptables-persistent (1.0.14) unstable; urgency=medium
+
+ * [401a9f] No longer load modules.
+ Thanks to Jérémie LEGRAND (Closes: 932196)
+ * [933938] Implement a new logic to flush firewall rules
+ * [824486] Add variable Pre-Depends as required by init-system-helpers and
debhelper 12
+ * [3ed371] Run wrap-and-sort
+
+ -- gustavo panizzo <g...@zumbi.com.ar> Fri, 13 Sep 2019 19:16:28 +0200
+
+iptables-persistent (1.0.13) unstable; urgency=medium
+
+ * Upload to unstable
+ * [30244a] Standards version 4.4.0 (no changes)
+ * [242e35] Provide the virtual systemd units iptables.service and
+ ipset.service.
+ Thanks to Laurent Bigonville for the bug report (Closes: #926927)
+ * [3a751c] Remove Jonathan Wiltshire as Maintainer and add myself
+ * [7303da] Add Documentation to the systemd unit
+ * [320e48] Use debhelper 12
+
+ -- gustavo panizzo <g...@zumbi.com.ar> Mon, 26 Aug 2019 21:27:58 +0200
+
+iptables-persistent (1.0.12) experimental; urgency=medium
+
+ * [3ca86e] Use white space and tabs consistently
+ * [d5726c] Allow granular configuration for the save action
+
+ -- gustavo panizzo <g...@zumbi.com.ar> Wed, 27 Mar 2019 14:34:28 +0800
+
iptables-persistent (1.0.11) unstable; urgency=medium
* [e491d7] Make iptables-persistent to Pre-Depends on iptables.
diff -Nru iptables-persistent-1.0.11/debian/compat
iptables-persistent-1.0.14+deb10u1/debian/compat
--- iptables-persistent-1.0.11/debian/compat 2019-02-09 03:10:09.000000000
+0100
+++ iptables-persistent-1.0.14+deb10u1/debian/compat 1970-01-01
01:00:00.000000000 +0100
@@ -1 +0,0 @@
-11
diff -Nru iptables-persistent-1.0.11/debian/control
iptables-persistent-1.0.14+deb10u1/debian/control
--- iptables-persistent-1.0.11/debian/control 2019-02-09 05:28:03.000000000
+0100
+++ iptables-persistent-1.0.14+deb10u1/debian/control 2020-06-21
21:12:04.000000000 +0200
@@ -1,10 +1,9 @@
Source: iptables-persistent
Section: admin
Priority: optional
-Maintainer: Jonathan Wiltshire <j...@debian.org>
-Uploaders: gustavo panizzo <g...@zumbi.com.ar>
-Build-Depends: debhelper (>= 11.0.0), po-debconf
-Standards-Version: 4.3.0
+Maintainer: gustavo panizzo <g...@zumbi.com.ar>
+Standards-Version: 4.4.0
+Build-Depends: debhelper-compat (= 12), dh-exec, po-debconf
Vcs-Browser: https://salsa.debian.org/debian/iptables-persistent.git
Vcs-Git: https://salsa.debian.org/debian/iptables-persistent.git
@@ -14,6 +13,7 @@
Breaks: iptables-persistent (<< 1~)
Replaces: iptables-persistent (<< 1~)
Suggests: iptables-persistent
+Pre-Depends: ${misc:Pre-Depends}
Description: boot-time loader for netfilter configuration
This package provides a loader for netfilter configuration using a
plugin-based architecture. It can load, flush and save a running
@@ -23,7 +23,7 @@
Package: iptables-persistent
Architecture: all
Depends: netfilter-persistent (= ${source:Version}), ${misc:Depends}
-Pre-Depends: iptables
+Pre-Depends: iptables, ${misc:Pre-Depends}
Description: boot-time loader for netfilter rules, iptables plugin
netfilter-persistent is a loader for netfilter configuration using a
plugin-based architecture.
@@ -32,6 +32,7 @@
Package: ipset-persistent
Architecture: all
+Pre-Depends: ${misc:Pre-Depends}
Depends: ipset, netfilter-persistent (= ${source:Version}), ${misc:Depends}
Description: boot-time loader for netfilter rules, ipset plugin
netfilter-persistent is a loader for netfilter configuration using a
diff -Nru iptables-persistent-1.0.11/debian/ipset.override
iptables-persistent-1.0.14+deb10u1/debian/ipset.override
--- iptables-persistent-1.0.11/debian/ipset.override 1970-01-01
01:00:00.000000000 +0100
+++ iptables-persistent-1.0.14+deb10u1/debian/ipset.override 2020-06-21
21:12:04.000000000 +0200
@@ -0,0 +1,2 @@
+[Unit]
+Conflicts=ipset.service
diff -Nru iptables-persistent-1.0.11/debian/ipset-persistent.install
iptables-persistent-1.0.14+deb10u1/debian/ipset-persistent.install
--- iptables-persistent-1.0.11/debian/ipset-persistent.install 2019-02-09
03:10:09.000000000 +0100
+++ iptables-persistent-1.0.14+deb10u1/debian/ipset-persistent.install
2020-06-21 21:12:04.000000000 +0200
@@ -1,2 +1,4 @@
-plugins/10-ipset usr/share/netfilter-persistent/plugins.d/
-plugins/40-ipset usr/share/netfilter-persistent/plugins.d/
+#! /usr/bin/dh-exec
+plugins/10-ipset usr/share/netfilter-persistent/plugins.d/
+plugins/40-ipset usr/share/netfilter-persistent/plugins.d/
+debian/ipset.override =>
etc/systemd/system/netfilter-persistent.service.d/ipset.conf
diff -Nru iptables-persistent-1.0.11/debian/ipset-persistent.postinst
iptables-persistent-1.0.14+deb10u1/debian/ipset-persistent.postinst
--- iptables-persistent-1.0.11/debian/ipset-persistent.postinst 2019-02-09
03:10:09.000000000 +0100
+++ iptables-persistent-1.0.14+deb10u1/debian/ipset-persistent.postinst
2020-06-21 21:12:04.000000000 +0200
@@ -2,6 +2,9 @@
set -e
+# Setup alternatives
+update-alternatives --install /lib/systemd/system/ipset.service ipset.service
/lib/systemd/system/netfilter-persistent.service 40
+
# Source debconf library
. /usr/share/debconf/confmodule
diff -Nru iptables-persistent-1.0.11/debian/ipset-persistent.prerm
iptables-persistent-1.0.14+deb10u1/debian/ipset-persistent.prerm
--- iptables-persistent-1.0.11/debian/ipset-persistent.prerm 1970-01-01
01:00:00.000000000 +0100
+++ iptables-persistent-1.0.14+deb10u1/debian/ipset-persistent.prerm
2020-06-21 21:12:04.000000000 +0200
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -e
+
+# Remove alternatives
+update-alternatives --remove-all ipset.service
+
+#DEBHELPER#
diff -Nru iptables-persistent-1.0.11/debian/iptables.override
iptables-persistent-1.0.14+deb10u1/debian/iptables.override
--- iptables-persistent-1.0.11/debian/iptables.override 1970-01-01
01:00:00.000000000 +0100
+++ iptables-persistent-1.0.14+deb10u1/debian/iptables.override 2020-06-21
21:12:04.000000000 +0200
@@ -0,0 +1,2 @@
+[Unit]
+Conflicts=iptables.service ip6tables.service
diff -Nru iptables-persistent-1.0.11/debian/iptables-persistent.install
iptables-persistent-1.0.14+deb10u1/debian/iptables-persistent.install
--- iptables-persistent-1.0.11/debian/iptables-persistent.install
2018-10-10 13:08:41.000000000 +0200
+++ iptables-persistent-1.0.14+deb10u1/debian/iptables-persistent.install
2020-06-21 21:12:04.000000000 +0200
@@ -1,2 +1,4 @@
-plugins/15-ip4tables usr/share/netfilter-persistent/plugins.d/
-plugins/25-ip6tables usr/share/netfilter-persistent/plugins.d/
+#! /usr/bin/dh-exec
+plugins/15-ip4tables usr/share/netfilter-persistent/plugins.d/
+plugins/25-ip6tables usr/share/netfilter-persistent/plugins.d/
+debian/iptables.override =>
etc/systemd/system/netfilter-persistent.service.d/iptables.conf
diff -Nru iptables-persistent-1.0.11/debian/iptables-persistent.postinst
iptables-persistent-1.0.14+deb10u1/debian/iptables-persistent.postinst
--- iptables-persistent-1.0.11/debian/iptables-persistent.postinst
2018-10-10 13:08:41.000000000 +0200
+++ iptables-persistent-1.0.14+deb10u1/debian/iptables-persistent.postinst
2020-06-21 21:12:04.000000000 +0200
@@ -2,6 +2,10 @@
set -e
+# Setup alternatives
+update-alternatives --install /lib/systemd/system/iptables.service
iptables.service /lib/systemd/system/netfilter-persistent.service 40 \
+ --slave /lib/systemd/system/ip6tables.service ip6tables.service
/lib/systemd/system/netfilter-persistent.service
+
# Source debconf library
. /usr/share/debconf/confmodule
diff -Nru iptables-persistent-1.0.11/debian/iptables-persistent.prerm
iptables-persistent-1.0.14+deb10u1/debian/iptables-persistent.prerm
--- iptables-persistent-1.0.11/debian/iptables-persistent.prerm 1970-01-01
01:00:00.000000000 +0100
+++ iptables-persistent-1.0.14+deb10u1/debian/iptables-persistent.prerm
2020-06-21 21:12:04.000000000 +0200
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -e
+
+# Setup alternatives
+update-alternatives --remove-all iptables.service
+
+#DEBHELPER#
diff -Nru iptables-persistent-1.0.11/debian/netfilter-persistent.default
iptables-persistent-1.0.14+deb10u1/debian/netfilter-persistent.default
--- iptables-persistent-1.0.11/debian/netfilter-persistent.default
2018-10-10 13:08:41.000000000 +0200
+++ iptables-persistent-1.0.14+deb10u1/debian/netfilter-persistent.default
2020-06-21 21:12:04.000000000 +0200
@@ -2,3 +2,9 @@
# Plugins may extend this file or have their own
FLUSH_ON_STOP=0
+
+# Set to yes to skip saving rules/sets when netfilter-persistent is called with
+# the save parameter
+# IPTABLES_SKIP_SAVE=yes
+# IP6TABLES_SKIP_SAVE=yes
+# IPSET_SKIP_SAVE=yes
diff -Nru iptables-persistent-1.0.11/debian/netfilter-persistent.install
iptables-persistent-1.0.14+deb10u1/debian/netfilter-persistent.install
--- iptables-persistent-1.0.11/debian/netfilter-persistent.install
2018-10-10 13:08:41.000000000 +0200
+++ iptables-persistent-1.0.14+deb10u1/debian/netfilter-persistent.install
2020-06-21 21:12:04.000000000 +0200
@@ -1,2 +1,2 @@
-usr
lib
+usr
diff -Nru iptables-persistent-1.0.11/netfilter-persistent
iptables-persistent-1.0.14+deb10u1/netfilter-persistent
--- iptables-persistent-1.0.11/netfilter-persistent 2019-02-09
03:10:09.000000000 +0100
+++ iptables-persistent-1.0.14+deb10u1/netfilter-persistent 2020-06-21
21:12:04.000000000 +0200
@@ -2,7 +2,7 @@
# This file is part of netfilter-persistent
# Copyright (C) 2014 Jonathan Wiltshire
-#
+#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation, either version 3
diff -Nru iptables-persistent-1.0.11/plugins/10-ipset
iptables-persistent-1.0.14+deb10u1/plugins/10-ipset
--- iptables-persistent-1.0.11/plugins/10-ipset 2019-02-09 03:10:09.000000000
+0100
+++ iptables-persistent-1.0.14+deb10u1/plugins/10-ipset 2020-06-21
21:12:04.000000000 +0200
@@ -17,23 +17,30 @@
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+# Source configuration
+if [ -f "/etc/default/netfilter-persistent" ]; then
+ . /etc/default/netfilter-persistent
+fi
+
# Create the ipsets and populate them
load_sets ()
{
- #load ipset rules
- if [ ! -f /etc/iptables/ipsets ]; then
- echo "Warning: skipping IPv4 (no rules to load)"
- else
- ipset restore -exist < /etc/iptables/ipsets
- fi
+ #load ipset rules
+ if [ ! -f /etc/iptables/ipsets ]; then
+ echo "Warning: skipping IPv4 (no rules to load)"
+ else
+ ipset restore -exist < /etc/iptables/ipsets
+ fi
}
# Save current contents of the ipsets to file
save_sets ()
{
- touch /etc/iptables/ipsets
- chmod 0640 /etc/iptables/ipsets
- ipset save > /etc/iptables/ipsets
+ if [ ! "${IPSET_SKIP_SAVE}x" = "yesx" ]; then
+ touch /etc/iptables/ipsets
+ chmod 0640 /etc/iptables/ipsets
+ ipset save > /etc/iptables/ipsets
+ fi
}
# flush sets
@@ -45,19 +52,19 @@
case "$1" in
start|restart|reload|force-reload)
- load_sets
- ;;
+ load_sets
+ ;;
save)
- save_sets
- ;;
+ save_sets
+ ;;
stop)
- # While it makes sense to stop (delete) ipsets we keep the same
- # semanthics as ip(6)?tables rules
- echo "Automatic flushing disabled, use \"flush\" instead of \"stop\""
- ;;
+ # While it makes sense to stop (delete) ipsets we keep the same
+ # semanthics as ip(6)?tables rules
+ echo "Automatic flushing disabled, use \"flush\" instead of \"stop\""
+ ;;
flush)
- flush_sets
- ;;
+ flush_sets
+ ;;
*)
echo "Usage: $0 {start|restart|reload|force-reload|save|flush}" >&2
exit 1
diff -Nru iptables-persistent-1.0.11/plugins/15-ip4tables
iptables-persistent-1.0.14+deb10u1/plugins/15-ip4tables
--- iptables-persistent-1.0.11/plugins/15-ip4tables 2019-02-09
03:10:09.000000000 +0100
+++ iptables-persistent-1.0.14+deb10u1/plugins/15-ip4tables 2020-06-21
21:12:04.000000000 +0200
@@ -14,65 +14,63 @@
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+# Source configuration
+if [ -f "/etc/default/netfilter-persistent" ]; then
+ . /etc/default/netfilter-persistent
+fi
+
load_rules()
{
- #load IPv4 rules
- if [ ! -f /etc/iptables/rules.v4 ]; then
- echo "Warning: skipping IPv4 (no rules to load)"
- else
- iptables-restore < /etc/iptables/rules.v4
- fi
+ #load IPv4 rules
+ if [ ! -f /etc/iptables/rules.v4 ]; then
+ echo "Warning: skipping IPv4 (no rules to load)"
+ else
+ iptables-restore < /etc/iptables/rules.v4
+ fi
}
save_rules()
{
- #save IPv4 rules
- #need at least iptable_filter loaded:
- modprobe -b -q iptable_filter || true
- if [ ! -f /proc/net/ip_tables_names ]; then
- echo "Warning: skipping IPv4 (Kernel support is missing)"
- else
- touch /etc/iptables/rules.v4
- chmod 0640 /etc/iptables/rules.v4
- iptables-save > /etc/iptables/rules.v4
- fi
+ if [ ! "${IPTABLES_SKIP_SAVE}x" = "yesx" ]; then
+ touch /etc/iptables/rules.v4
+ chmod 0640 /etc/iptables/rules.v4
+ iptables-save > /etc/iptables/rules.v4
+ fi
}
flush_rules()
{
- if [ ! -f /proc/net/ip_tables_names ]; then
- log_action_cont_msg "Warning: skipping IPv4 (Kernel support is
missing)"
- elif [ $(which iptables) ]; then
- for chain in INPUT FORWARD OUTPUT
- do
- iptables -P $chain ACCEPT
- done
- for param in F Z X; do iptables -$param; done
- for table in $(cat /proc/net/ip_tables_names)
- do
- iptables -t $table -F
- iptables -t $table -Z
- iptables -t $table -X
- done
- fi
+ TABLES=$(iptables-save | sed -E -n 's/^\*//p')
+ for table in $TABLES
+ do
+ CHAINS=$(iptables-save -t $table | sed -E -n 's/^:([A-Z]+).*/\1/p')
+ for chain in $CHAINS
+ do
+ # policy can't be set on user-defined chains
+ iptables -t $table -P $chain ACCEPT || true
+ done
+ iptables -t $table -F
+ iptables -t $table -Z
+ iptables -t $table -X
+ done
}
case "$1" in
start|restart|reload|force-reload)
- load_rules
- ;;
+ load_rules
+ ;;
save)
- save_rules
- ;;
+ save_rules
+ ;;
stop)
- # Why? because if stop is used, the firewall gets flushed for a variable
- # amount of time during package upgrades, leaving the machine vulnerable
- # It's also not always desirable to flush during purge
- echo "Automatic flushing disabled, use \"flush\" instead of \"stop\""
- ;;
+ # Why? because if stop is used, the firewall gets flushed for a variable
+ # amount of time during package upgrades, leaving the machine vulnerable
+ # It's also not always desirable to flush during purge
+ echo "Automatic flushing disabled, use \"flush\" instead of \"stop\""
+ ;;
flush)
- flush_rules
- ;;
+ flush_rules
+ ;;
*)
echo "Usage: $0 {start|restart|reload|force-reload|save|flush}" >&2
exit 1
diff -Nru iptables-persistent-1.0.11/plugins/25-ip6tables
iptables-persistent-1.0.14+deb10u1/plugins/25-ip6tables
--- iptables-persistent-1.0.11/plugins/25-ip6tables 2019-02-09
03:10:09.000000000 +0100
+++ iptables-persistent-1.0.14+deb10u1/plugins/25-ip6tables 2020-06-21
21:12:04.000000000 +0200
@@ -19,63 +19,56 @@
load_rules()
{
- #load IPv6 rules
- if [ ! -f /etc/iptables/rules.v6 ]; then
- echo "Warning: skipping IPv6 (no rules to load)"
- else
- ip6tables-restore < /etc/iptables/rules.v6
- fi
+ #load IPv6 rules
+ if [ ! -f /etc/iptables/rules.v6 ]; then
+ echo "Warning: skipping IPv6 (no rules to load)"
+ else
+ ip6tables-restore < /etc/iptables/rules.v6
+ fi
}
save_rules()
{
- #save IPv6 rules
- #need at least ip6table_filter loaded:
- modprobe -b -q ip6table_filter || true
- if [ ! -f /proc/net/ip6_tables_names ]; then
- log_action_cont_msg "Warning: skipping IPv6 (Kernel support is
missing)"
- else
- touch /etc/iptables/rules.v6
- ip6tables-save > /etc/iptables/rules.v6
- chmod 0640 /etc/iptables/rules.v6
- fi
+ if [ ! "${IPTABLES_SKIP_SAVE}x" = "yesx" ]; then
+ touch /etc/iptables/rules.v6
+ ip6tables-save > /etc/iptables/rules.v6
+ chmod 0640 /etc/iptables/rules.v6
+ fi
}
flush_rules()
{
- if [ ! -f /proc/net/ip6_tables_names ]; then
- echo "Warning: skipping IPv6 (Kernel support is missing)"
- elif [ $(which ip6tables) ]; then
- for chain in INPUT FORWARD OUTPUT
- do
- ip6tables -P $chain ACCEPT
- done
- for param in F Z X; do ip6tables -$param; done
- for table in $(cat /proc/net/ip6_tables_names)
- do
- ip6tables -t $table -F
- ip6tables -t $table -Z
- ip6tables -t $table -X
- done
- fi
+ TABLES=$(ip6tables-save | sed -E -n 's/^\*//p')
+ for table in $TABLES
+ do
+ CHAINS=$(ip6tables-save -t $table | sed -E -n 's/^:([A-Z]+).*/\1/p')
+ for chain in $CHAINS
+ do
+ # policy can't be set on user-defined chains
+ ip6tables -t $table -P $chain ACCEPT || true
+ done
+ ip6tables -t $table -F
+ ip6tables -t $table -Z
+ ip6tables -t $table -X
+ done
}
case "$1" in
start|restart|reload|force-reload)
- load_rules
- ;;
+ load_rules
+ ;;
save)
- save_rules
- ;;
+ save_rules
+ ;;
stop)
- # Why? because if stop is used, the firewall gets flushed for a variable
- # amount of time during package upgrades, leaving the machine vulnerable
- # It's also not always desirable to flush during purge
- echo "Automatic flushing disabled, use \"flush\" instead of \"stop\""
- ;;
+ # Why? because if stop is used, the firewall gets flushed for a variable
+ # amount of time during package upgrades, leaving the machine vulnerable
+ # It's also not always desirable to flush during purge
+ echo "Automatic flushing disabled, use \"flush\" instead of \"stop\""
+ ;;
flush)
- flush_rules
- ;;
+ flush_rules
+ ;;
*)
echo "Usage: $0 {start|restart|reload|force-reload|save|flush}" >&2
exit 1
diff -Nru iptables-persistent-1.0.11/plugins/40-ipset
iptables-persistent-1.0.14+deb10u1/plugins/40-ipset
--- iptables-persistent-1.0.11/plugins/40-ipset 2019-02-09 03:10:09.000000000
+0100
+++ iptables-persistent-1.0.14+deb10u1/plugins/40-ipset 2020-06-21
21:12:04.000000000 +0200
@@ -16,6 +16,11 @@
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+# Source configuration
+if [ -f "/etc/default/netfilter-persistent" ]; then
+ . /etc/default/netfilter-persistent
+fi
+
# Create the ipsets and populate them
load_sets ()
{
@@ -37,19 +42,19 @@
case "$1" in
start|restart|reload|force-reload)
- load_sets
- ;;
+ load_sets
+ ;;
save)
- save_sets
- ;;
+ save_sets
+ ;;
stop)
- # While it makes sense to stop (delete) ipsets we keep the same
- # semanthics as ip(6)?tables rules
- echo "Automatic flushing disabled, use \"flush\" instead of \"stop\""
- ;;
+ # While it makes sense to stop (delete) ipsets we keep the same
+ # semanthics as ip(6)?tables rules
+ echo "Automatic flushing disabled, use \"flush\" instead of \"stop\""
+ ;;
flush)
- flush_sets
- ;;
+ flush_sets
+ ;;
*)
echo "Usage: $0 {start|restart|reload|force-reload|save|flush}" >&2
exit 1
diff -Nru iptables-persistent-1.0.11/systemd/netfilter-persistent.service
iptables-persistent-1.0.14+deb10u1/systemd/netfilter-persistent.service
--- iptables-persistent-1.0.11/systemd/netfilter-persistent.service
2019-02-09 03:10:09.000000000 +0100
+++ iptables-persistent-1.0.14+deb10u1/systemd/netfilter-persistent.service
2020-06-21 21:12:04.000000000 +0200
@@ -5,6 +5,7 @@
Before=network-pre.target shutdown.target
After=systemd-modules-load.service local-fs.target
Conflicts=shutdown.target
+Documentation=man:netfilter-persistent(8)
[Service]
Type=oneshot
--- End Message ---
