FS#42066 : iptables: Wrong syntax in iptables-restore

FS#42066 - iptables: Wrong syntax in iptables-restore

Attached to Project: Arch Linux
Opened by Noel Kuntze (thermi) - Monday, 22 September 2014, 12:39 GMT
Last edited by Gerardo Exequiel Pozzi (djgera) - Sunday, 27 March 2016, 15:57 GMT

Task Type	Bug Report
Category	Packages: Core
Status	Closed
Assigned To	Ronald van Haren (pressh)
Architecture	All
Severity	Very Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description:

The syntax used in the systemd.unit for iptables uses the wrong syntax of iptables-restore.
iptables-restore doesn't accept a file name as source of the rules.
The rules are provided to the program by piping them into stdin.
Hence ExecStart and ExecReload should use
"/usr/bin/sh -c '/usr/bin/iptables-restore < /etc/iptables/iptables.rules'"

Additional info:
Package version: 1.4.21-1

This task depends upon

Closed by Gerardo Exequiel Pozzi (djgera)
Sunday, 27 March 2016, 15:57 GMT
Reason for closing: Upstream

Comment by Dave Reisner (falconindy) - Tuesday, 23 September 2014, 10:42 GMT

Is there an actual problem here? The authoritative documentation (the source code) says that the syntax in the unit works just fine.

Comment by Noel Kuntze (thermi) - Tuesday, 23 September 2014, 11:38 GMT

Well, it works okay. The problem is that the manpage doesn't mention iptables-restore accepting a file name or path.
That causes confusion if users start debugging their ruleset and look at the service file.
That just happened to me. That's why I reported it.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#42066 - iptables: Wrong syntax in iptables-restore

Details

Loading...