895484 – net-vpn/libreswan: should have "iptables" and "nftables" USE flags

Bug 895484 - net-vpn/libreswan: should have "iptables" and "nftables" USE flags

Summary: net-vpn/libreswan: should have "iptables" and "nftables" USE flags

Status:	UNCONFIRMED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Hans de Graaff

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2023-02-20 00:14 UTC by Maciej S. Szmigiero
Modified:	2023-02-20 01:00 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Maciej S. Szmigiero 2023-02-20 00:14:59 UTC

Running net-vpn/libreswan init script (/etc/init.d/ipsec start) gives me the following error:
> * Starting ipsec ...
> /usr/sbin/ipsec: line 171: iptables: command not found

This is because this system doesn't have iptables installed.

Libreswan upstream build system supports choosing the selected firewall implementation by setting either "HAVE_NFTABLES" or "HAVE_IPTABLES" build-time variable.

The net-vpn/libreswan ebuild doesn't set either so "HAVE_IPTABLES" gets enabled by default [1].
On systems without iptables installed this gives the aforementioned error.

Instead, the net-vpn/libreswan ebuild should have "iptables" and "nftables" USE flags, for selecting the preferred implementation at the emerge time.

Note that recently it had become possible to have both firewall implementations disabled for Libreswan [2].


[1]: https://github.com/libreswan/libreswan/blob/085907fa9786d6afdb0b612565d0b9b0b7a0db0c/mk/defaults/linux.mk#L110
[2]: https://github.com/libreswan/libreswan/commit/bddc2be2a9f3d2d20880defea501adfdc3891747