Bug 760246

Summary: net-firewall/iptables resets eselect selection to xtables-legacy-multi when xtables-nft-multi was active
Product: Gentoo Linux
Reporter: Oliver <genbug20>
Component: Current packages
Assignee: Gentoo's Team for Core System packages <base-system>
Status: RESOLVED FIXED
Severity: normal
CC: ave
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description Oliver 2020-12-16 12:20:07 UTC
Before installing net-firewall/iptables-1.8.5:

# eselect iptables list
Available iptables symlink targets:
  [1]   xtables-legacy-multi
  [2]   xtables-nft-multi *

After finishing installing, it becomes:

# eselect iptables list
Available iptables symlink targets:
  [1]   xtables-legacy-multi *
  [2]   xtables-nft-multi

This is probably due to the unconditional "eselect iptables unset" in pkg_prerm, without preserving the state. Later on in pkg_postinst it is set to the default (legacy) due to being unset at this point.


There is possibly another (cosmetic?) problem in pkg_postinst: in the "use nftables" part "setting to default (legacy)" is being logged but it actually sets it to nft...


Reproducible: Always

Steps to Reproduce:
1. eselect iptables set 2 (xtables-nft-multi)
2. eselect iptables show (to confirm)
3. emerge net-firewall/iptables
4. eselect iptables show

Actual Results:  
2. [2] xtables-nft-multi *

4. [1] xtables-legacy-multi *

Expected Results:  
4. [2] xtables-nft-multi *

Comment 1 Yury Katuar 2021-07-23 15:03:29 UTC
I confirm, this behavior still persists. Every time iptables is re-emerged the setting is reset to legacy and breaks things, e.g. docker networking which still doesn't support nft natively and needs this compatibility layer.

Comment 2 Larry the Git Cow gentoo-dev 2021-07-23 15:57:19 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a950794bde5d33d035a3726f99cc3cbfa618c437

commit a950794bde5d33d035a3726f99cc3cbfa618c437
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2021-07-23 15:54:56 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2021-07-23 15:57:16 +0000

    net-firewall/iptables: bypass 'eselect iptables unset' on upgrades
    
    Closes: https://bugs.gentoo.org/760246
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 net-firewall/iptables/iptables-1.8.7.ebuild | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
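
The sequence from the description, and the effect of skipping the unset on upgrades, can be modelled in a few lines of shell. This is an added example, not the ebuild's code or the content of the commit: the function names and the `STATE` variable are hypothetical stand-ins for `eselect iptables`, and the guard assumes `REPLACED_BY_VERSION`, which the package manager sets in pkg_prerm when the package is being replaced.

```shell
#!/bin/sh
# Model of the pkg_prerm / pkg_postinst sequence from the bug description.
# STATE stands in for the symlink target managed by `eselect iptables`;
# every function name here is hypothetical, not taken from the ebuild.
STATE=""

select_set()   { STATE="$1"; }
select_unset() { STATE=""; }

# Behaviour reported in the bug: prerm always clears the selection.
prerm_unconditional() { select_unset; }

# Guarded variant (assumption): REPLACED_BY_VERSION is non-empty in
# pkg_prerm when another version is about to replace this one, so an
# empty value means a real uninstall.
prerm_guarded() {
    if [ -z "${REPLACED_BY_VERSION}" ]; then
        select_unset
    fi
}

# postinst only falls back to the default (legacy) when nothing is selected.
postinst() {
    if [ -z "$STATE" ]; then
        select_set "xtables-legacy-multi"
    fi
}

# simulate <prerm function> <REPLACED_BY_VERSION value>
# Starts from an nft selection and prints the selection after the run.
simulate() {
    select_set "xtables-nft-multi"
    REPLACED_BY_VERSION="$2"
    "$1"
    # A plain uninstall runs no postinst; a re-emerge or upgrade does.
    if [ -n "$2" ]; then postinst; fi
    printf '%s\n' "${STATE:-<unset>}"
}

# Constructed sample runs; "1.8.7" is only a placeholder replacing version.
simulate prerm_unconditional "1.8.7"   # re-emerge, reported behaviour
simulate prerm_guarded "1.8.7"         # re-emerge, selection preserved
simulate prerm_guarded ""              # uninstall, selection cleared
```

On a real system, comparing the output of `eselect iptables show` before and after an emerge (steps 2 and 4 of the reproduction) confirms whether the active backend survived the upgrade.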