When I set more then one rule to net interface like this: rules_eth3="fwmark 3 table 30 priority 30 from 192.168.1.9/32 table 30 priority 202 from 192.168.1.9/32 table 30 priority 129" script up both rules, but down only first one. Reproducible: Always Steps to Reproduce: 1. Create more then one rule to interface in /etc/conf.d/net 2. Start interface 3. Stop interface Actual Results: teta ~ # ip rule list 0: from all lookup local 4: from all lookup main 7: from all lookup 7 10: from all fwmark 0x1 lookup 10 20: from all fwmark 0x2 lookup 20 110: from 81.13.33.64/27 lookup 10 120: from 212.188.21.0/24 lookup 20 200: from all lookup 200 32766: from all lookup main 32767: from all lookup default teta ~ # /etc/init.d/net.eth3 start * Caching service dependencies ... [ ok ] * Bringing up interface eth3 * 192.168.1.9/24 ... [ ok ] * Adding routes * default via 192.168.1.1 metric 3 table 200 ... [ ok ] * default via 192.168.1.1 metric 3 table 10 ... [ ok ] * default via 192.168.1.1 metric 3 table 20 ... [ ok ] * default via 192.168.1.1 metric 0 table 30 ... [ ok ] * Adding RPDB rules * Waiting for IPv6 addresses ... [ ok ] teta ~ # /etc/init.d/net.eth3 restart * Bringing down interface eth3 * Removing RPDB rules * Bringing up interface eth3 * 192.168.1.9/24 ... [ ok ] * Adding routes * default via 192.168.1.1 metric 3 table 200 ... [ ok ] * default via 192.168.1.1 metric 3 table 10 ... [ ok ] * default via 192.168.1.1 metric 3 table 20 ... [ ok ] * default via 192.168.1.1 metric 0 table 30 ... [ ok ] * Adding RPDB rules * Waiting for IPv6 addresses ... [ ok ] teta ~ # ip rule list 0: from all lookup local 4: from all lookup main 7: from all lookup 7 10: from all fwmark 0x1 lookup 10 20: from all fwmark 0x2 lookup 20 30: from all fwmark 0x3 lookup 30 110: from 81.13.33.64/27 lookup 10 120: from 212.188.21.0/24 lookup 20 129: from 192.168.1.9 lookup 30 129: from 192.168.1.9 lookup 30 200: from all lookup 200 202: from 192.168.1.9 lookup 30 202: from 192.168.1.9 lookup 30 32766: from all lookup main 32767: from all lookup default teta ~ # /etc/init.d/net.eth3 stop * Bringing down interface eth3 * Removing RPDB rules teta ~ # ip rule list 0: from all lookup local 4: from all lookup main 7: from all lookup 7 10: from all fwmark 0x1 lookup 10 20: from all fwmark 0x2 lookup 20 110: from 81.13.33.64/27 lookup 10 120: from 212.188.21.0/24 lookup 20 129: from 192.168.1.9 lookup 30 129: from 192.168.1.9 lookup 30 200: from all lookup 200 202: from 192.168.1.9 lookup 30 202: from 192.168.1.9 lookup 30 32766: from all lookup main 32767: from all lookup default Expected Results: teta ~ # ip rule list 0: from all lookup local 4: from all lookup main 7: from all lookup 7 10: from all fwmark 0x1 lookup 10 20: from all fwmark 0x2 lookup 20 110: from 81.13.33.64/27 lookup 10 120: from 212.188.21.0/24 lookup 20 200: from all lookup 200 32766: from all lookup main 32767: from all lookup default teta ~ # /etc/init.d/net.eth3 start * Caching service dependencies ... [ ok ] * Bringing up interface eth3 * 192.168.1.9/24 ... [ ok ] * Adding routes * default via 192.168.1.1 metric 3 table 200 ... [ ok ] * default via 192.168.1.1 metric 3 table 10 ... [ ok ] * default via 192.168.1.1 metric 3 table 20 ... [ ok ] * default via 192.168.1.1 metric 0 table 30 ... [ ok ] * Adding RPDB rules * Waiting for IPv6 addresses ... [ ok ] teta ~ # /etc/init.d/net.eth3 restart * Bringing down interface eth3 * Removing RPDB rules * Bringing up interface eth3 * 192.168.1.9/24 ... [ ok ] * Adding routes * default via 192.168.1.1 metric 3 table 200 ... [ ok ] * default via 192.168.1.1 metric 3 table 10 ... [ ok ] * default via 192.168.1.1 metric 3 table 20 ... [ ok ] * default via 192.168.1.1 metric 0 table 30 ... [ ok ] * Adding RPDB rules * Waiting for IPv6 addresses ... [ ok ] teta ~ # ip rule list 0: from all lookup local 4: from all lookup main 7: from all lookup 7 10: from all fwmark 0x1 lookup 10 20: from all fwmark 0x2 lookup 20 30: from all fwmark 0x3 lookup 30 110: from 81.13.33.64/27 lookup 10 120: from 212.188.21.0/24 lookup 20 129: from 192.168.1.9 lookup 30 200: from all lookup 200 202: from 192.168.1.9 lookup 30 32766: from all lookup main 32767: from all lookup default teta ~ # /etc/init.d/net.eth3 stop * Bringing down interface eth3 * Removing RPDB rules teta ~ # ip rule list 0: from all lookup local 4: from all lookup main 7: from all lookup 7 10: from all fwmark 0x1 lookup 10 20: from all fwmark 0x2 lookup 20 110: from 81.13.33.64/27 lookup 10 120: from 212.188.21.0/24 lookup 20 200: from all lookup 200 32766: from all lookup main 32767: from all lookup default I think problem in /lib/rc/net/iproute2.sh iproute2_post_start() have local rules="$(_get_array "rules_${IFVAR}")" but in iproute2_post_stop() different var definition: local rules="$(service_get_value "ip_rule")"
This has been fixed by commit a74382d9cb3d7f024efca46f2befb49e35c40758 http://git.overlays.gentoo.org/gitweb/?p=proj/openrc.git;a=commit;h=a74382d9 Thanks Artem, for reporting this bug! The fix will be included in the next openrc release and can be used already by using the git version resp. openrc-9999.
I am closing this since it was resolved a while back and is listed on the tracker.
*** Bug 382251 has been marked as a duplicate of this bug. ***
*** Bug 380603 has been marked as a duplicate of this bug. ***