Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#5884 - iptables init script fails while stopping
Details
The /etc/rc.d/iptables script fails while stopping.
The script tries to flush, zero and delete all user-defined chains from the tables filter, nat, mangle and raw, presuming all of these exist. The resulting effect is that starting iptables again fails, too, because the /var/run/iptables file is not removed then. It would be better to read /proc/net/ip_tables_names to get the names of the tables which are actually in use (and known by the kernel). Furthermore, for the default policies, we could look up the names of the chains of each table, using iptables -t $T -n -L and some grep/sed/whatever command to filter them out, so we could set the default policy of each table's chains to ACCEPT without "hardcoding" all the names in the script.
Closed by Roman Kyrylych (Romashka)
Friday, 24 November 2006, 16:46 GMT
Reason for closing: Duplicate
Additional comments about closing: http://bugs.archlinux.org/task/5735 is now reopened.
However, I agree with some of your points.
It surely works at least for those who use a kernel from the repositories.
However, my kernel does not know anything about the mangle or raw table (I haven't even compiled those as modules), so the script fails for me and for all those who have a similar kernel configuration.
I guess that another downside of this issue is that the script (or better: iptables) would load the appropriate modules when I stop /etc/rc.d/iptables, if the modules existed.
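
The approach proposed in the report, sketched as an added example (not the Arch init script's own code): the tables come from /proc/net/ip_tables_names and the built-in chains from the `iptables -n -L` listing, so tables the kernel does not have are never touched. The function names `builtin_chains` and `stop_plan` and the variables `IPTABLES` and `TABLES_FILE` are hypothetical; the plan is printed rather than executed so it can be reviewed first.

```shell
#!/bin/sh
# Added example: build the command list for a "stop" action from the
# tables the kernel actually reports, instead of a hardcoded list.

IPTABLES=${IPTABLES:-iptables}                        # assumption: binary on PATH
TABLES_FILE=${TABLES_FILE:-/proc/net/ip_tables_names} # one table name per line

# Print the built-in chains of table $1.
# In `iptables -n -L` output, built-in chains read "Chain X (policy Y)",
# user-defined chains read "Chain X (N references)" and are skipped here.
builtin_chains() {
    "$IPTABLES" -t "$1" -n -L 2>/dev/null </dev/null |
        sed -n 's/^Chain \([^ ]*\) (policy .*/\1/p'
}

# Print the commands that reset every table currently known to the kernel.
# Policies are opened before flushing so a DROP policy cannot cut off
# traffic between the two steps.
stop_plan() {
    # No readable table list means no table is loaded: nothing to reset,
    # and nothing that would auto-load a module.
    [ -r "$TABLES_FILE" ] || return 0
    while read -r table; do
        [ -n "$table" ] || continue
        for chain in $(builtin_chains "$table"); do
            echo "$IPTABLES -t $table -P $chain ACCEPT"
        done
        echo "$IPTABLES -t $table -F"   # flush all rules
        echo "$IPTABLES -t $table -X"   # delete user-defined chains
        echo "$IPTABLES -t $table -Z"   # zero counters
    done < "$TABLES_FILE"
}
```

Running `stop_plan | sh` as root would apply the plan; a table such as mangle or raw appears in it only if the kernel lists it.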