This is probably a regression introduced by commit 191595ea91dcf ("net-firewall/nftables: refactor init.d/nftables into libexec/nftable.sh"): /etc/init.d/nftables calls /usr/libexec/nftables/nftables.sh, and the latter uses the SAVE_OPTIONS variable (only if use_legacy, which is a bug of its own BTW), but that is not defined since it's not passed along by the init-script itself. That SAVE_OPTIONS variable is present in /etc/conf.d/nftables, in case you're wondering.

Reproducible: Always

Actual Results: Even after setting SAVE_OPTIONS, they are not used when saving nftables state.

Expected Results: SAVE_OPTIONS is passed to nft call regardless of use_legacy.
Here's how I fixed this issue for myself, I think it's the simplest solution: diff --git a/net-firewall/nftables/files/libexec/nftables.sh b/net-firewall/nftables/files/libexec/nftables.sh index f720b9bfc514f..cc55f8566000d 100755 --- a/net-firewall/nftables/files/libexec/nftables.sh +++ b/net-firewall/nftables/files/libexec/nftables.sh @@ -27,7 +27,7 @@ main() { "store") local tmp_save="${NFTABLES_SAVE}.tmp" if ! use_legacy; then - nft list ruleset > ${tmp_save} + nft ${SAVE_OPTIONS} list ruleset > ${tmp_save} else save_legacy ${tmp_save} fi diff --git a/net-firewall/nftables/files/nftables.init b/net-firewall/nftables/files/nftables.init index 217251e41db49..b96cc19564e30 100644 --- a/net-firewall/nftables/files/nftables.init +++ b/net-firewall/nftables/files/nftables.init @@ -83,6 +83,7 @@ save() { ebegin "Saving nftables state" checkpath -q -d "$(dirname "${NFTABLES_SAVE}")" checkpath -q -m 0600 -f "${NFTABLES_SAVE}" + export SAVE_OPTIONS /usr/libexec/nftables/nftables.sh store ${NFTABLES_SAVE} return $? }
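Review bot: In the nftables.sh hunk, the added line "nft ${SAVE_OPTIONS} list ruleset > ${tmp_save}" leaves both expansions unquoted without saying which one is deliberate. ${SAVE_OPTIONS} has to stay unquoted so that several options split into separate arguments, but that also exposes the value to glob expansion, so a one-line comment marking the splitting as intentional would help. The redirect target can be quoted as "${tmp_save}" at no cost, matching the quoted assignment to tmp_save two lines above it.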
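Review bot: In the save() hunk of nftables.init, the bare "export SAVE_OPTIONS" leaves the variable exported to every command the script runs after this point, not only to the store call on the next line. Scoping it to that one invocation keeps the environment narrow, for example: SAVE_OPTIONS="${SAVE_OPTIONS}" /usr/libexec/nftables/nftables.sh store "${NFTABLES_SAVE}". That form also quotes ${NFTABLES_SAVE}, which the call line leaves unquoted although the two checkpath lines above it quote the same variable.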
Fixed in https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73651790d96992c366b3666e6dda1af1a62c6b0f

Date: Sat Jan 7 06:54:28 2017 -0800

    net-firewall/nftables: Fix SAVE_OPTIONS bug in libexec scripts

    The libexec script doesn't honor the SAVE_OPTIONS variable. This commit fixes that issue. Thanks to Phil@nwl.cc for providing the fix for the issue.

    Gentoo-bug: 603228
    Package-Manager: Portage-2.3.3, Repoman-2.3.1