Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 895484 - net-vpn/libreswan: should have "iptables" and "nftables" USE flags
Summary: net-vpn/libreswan: should have "iptables" and "nftables" USE flags
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Hans de Graaff
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-02-20 00:14 UTC by Maciej S. Szmigiero
Modified: 2023-02-20 01:00 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Maciej S. Szmigiero 2023-02-20 00:14:59 UTC
Running net-vpn/libreswan init script (/etc/init.d/ipsec start) gives me the following error:
> * Starting ipsec ...
> /usr/sbin/ipsec: line 171: iptables: command not found

This is because this system doesn't have iptables installed.

Libreswan upstream build system supports choosing the selected firewall implementation by setting either "HAVE_NFTABLES" or "HAVE_IPTABLES" build-time variable.

The net-vpn/libreswan ebuild doesn't set either so "HAVE_IPTABLES" gets enabled by default [1].
On systems without iptables installed this gives the aforementioned error.

Instead, the net-vpn/libreswan ebuild should have "iptables" and "nftables" USE flags, for selecting the preferred implementation at the emerge time.

Note that recently it had become possible to have both firewall implementations disabled for Libreswan [2].


[1]: https://github.com/libreswan/libreswan/blob/085907fa9786d6afdb0b612565d0b9b0b7a0db0c/mk/defaults/linux.mk#L110
[2]: https://github.com/libreswan/libreswan/commit/bddc2be2a9f3d2d20880defea501adfdc3891747