Bug 314529 - ebtables init script may not save all rules
Summary: ebtables init script may not save all rules
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High normal
Assignee: Peter Volkov (RETIRED)
Reported: 2010-04-10 15:14 UTC by Veovis
Modified: 2010-05-09 17:18 UTC
Attachments
new ebtables.initd (ebtables,2.02 KB, text/plain)
2010-04-27 07:25 UTC, Veovis
diff of fixed ebtables.initd (ebtables.diff,1.10 KB, patch)
2010-04-27 10:23 UTC, Veovis
Description Veovis 2010-04-10 15:14:10 UTC
In some cases, the =net-firewall/ebtables-2.0.9.1 init script may not save all rules.

The ebtables init script checks against /proc/modules to select tables compiled into the kernel, but as a module. If none is found, the selected tables are those specified in /etc/conf.d/ebtables.

So this script works well if ebtables_* are compiled only as modules.
If ebtables_* are compiled into the kernel and /etc/conf.d/ebtables is correct, the script works too.
But if you have some kernel modules and some functionality compiled into the kernel (as in my case), the non-modularized tables are ignored by the init script and so are not saved.

Reproducible: Always

Steps to Reproduce:
1. Compile a kernel with ebtables_filter as module, ebtables_broute as compiled, and ebtables_nat not selected. You should get these lines in .config:
CONFIG_BRIDGE_NF_EBTABLES=y
CONFIG_BRIDGE_EBT_BROUTE=y
CONFIG_BRIDGE_EBT_T_FILTER=m
# CONFIG_BRIDGE_EBT_T_NAT is not set

2. Install net-firewall/ebtables
3. Put some rules in the broute table, e.g.: ebtables -t broute -A BROUTING -p ipv6 -j ACCEPT
4. Save the rules with the init script: /etc/init.d/ebtables save
Actual Results:  
/var/lib/ebtables/rules-save has default rule only for filter table

Expected Results:  
/var/lib/ebtables/rules-save should have a default rule for filter table, and my rule for broute table
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-04-10 22:04:23 UTC
Looks valid, assigning to maintainer.
Comment 2 Veovis 2010-04-27 07:25:06 UTC
Created attachment 229357
new ebtables.initd

This fixes the mentioned problem.
It obsoletes $TABLES_NAMES, and saves all available tables.
The principle for determining tables to save is the same as Debian's.
Comment 3 Peter Volkov (RETIRED) gentoo-dev 2010-04-27 08:07:57 UTC
Please, do not resolve bugs until it is resolved or I'll miss it from my searches.
Also could you attach diff?
Comment 4 Veovis 2010-04-27 10:23:29 UTC
Created attachment 229371
diff of fixed ebtables.initd

Sorry for status change, I didn't know...

This is the diff with ebtables 2.0.9.1.
Only the first change is meaningful; the others in checkconfig() and stop() are just rewrites, but do the same things.
Comment 5 Peter Volkov (RETIRED) gentoo-dev 2010-05-09 17:18:17 UTC
Fixed in ebtables-2.0.9.2-r1.

I've modified your suggestion a bit to use a function instead of calling ebtables every time the init script runs. Also, [[ ]] constructions are not allowed in init scripts, since they are bash-specific while init scripts should work with every POSIX shell. Please try and report in case of any troubles.

Thank you for report and fix, Veovis.
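
The failure described in this bug, as an added example that is not the Gentoo init script or either attachment: a POSIX sh comparison of table discovery from a /proc/modules listing against probing each table with `ebtables -t <table> -L`. The function names, the sample module listing and the `fake_ebtables` stand-in are constructed for illustration, and that probing matches the committed fix is an assumption.

```shell
#!/bin/sh
# Added illustration; function names and sample data are hypothetical.

# Constructed /proc/modules excerpt for the kernel in the report:
# filter is a module, broute is built in (so not listed), nat is not selected.
SAMPLE_PROC_MODULES='ebtable_filter 1832 0 - Live 0xffffffffa0000000
ebtables 15096 1 ebtable_filter, Live 0xffffffffa0010000
bridge 45000 0 - Live 0xffffffffa0020000'

# Module-list approach as described in the report: only loaded
# ebtable_<name> modules are seen, so built-in tables are invisible.
tables_from_modules() {
    echo $(printf '%s\n' "$1" | sed -n 's/^ebtable_\([a-z]*\) .*/\1/p')
}

# Probe approach: ask the tool whether each known table can be listed.
# $1 is the command to run (default: ebtables), overridable for testing.
tables_by_probe() {
    probe=${1:-ebtables}
    found=
    for t in filter nat broute; do
        if "$probe" -t "$t" -L >/dev/null 2>&1; then
            found="${found:+$found }$t"
        fi
    done
    printf '%s\n' "$found"
}

# Constructed stand-in for ebtables on the reporter's kernel:
# filter and broute can be listed, nat cannot.
fake_ebtables() {
    case "$2" in
        filter|broute) return 0 ;;
        *) return 1 ;;
    esac
}

# Tables present in list $2 but absent from list $1, i.e. the tables
# whose rules a save based on list $1 would silently drop.
missed_tables() {
    for t in $2; do
        case " $1 " in *" $t "*) ;; *) printf '%s\n' "$t" ;; esac
    done
}

old=$(tables_from_modules "$SAMPLE_PROC_MODULES")
new=$(tables_by_probe fake_ebtables)
echo "module list only: $old"
echo "probe each table: $new"
echo "not saved by module-list logic: $(missed_tables "$old" "$new")"
```

On a real host, call `tables_by_probe` with no argument as root; listing a table may cause the kernel to autoload its module.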