Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#45462 - [iptables] Move /var/lib/iptables/empty* to /usr/share/iptables/

Attached to Project: Arch Linux
Opened by Janusz Lewandowski (LEW21) - Wednesday, 24 June 2015, 21:36 GMT
Last edited by Doug Newgard (Scimmia) - Wednesday, 24 June 2015, 21:56 GMT
Task Type Feature Request
Category Packages: Core
Status Assigned
Assigned To Ronald van Haren (pressh)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 1
Private No


According to the Filesystem Hierarchy Standard, /var/lib is used for variable state information, and /usr/share is for shareable, read-only, architecture-independent data. /var/lib/iptables/empty* aren't ever modified by the system, and are used to reset iptables to the empty state. Therefore /usr/share seems to be a better place for them.

Also, it would move Arch closer to supporting volatile systems according to

BTW, it might be worth it to also move /etc/iptables/{empty,simple_firewall}.rules to /usr/share/iptables, as they aren't used as config by default, so there is no reason for them to be in /etc. This way all the package files would be in /usr. In case you decide not to move them, then probably backup=('/etc/iptables/empty.rules' '/etc/iptables/simple_firewall.rules') should be added to the PKGBUILD, so they'll be subject to the pacnew/pacsave system.
This task depends upon