From: Patrick McHardy <kaber@trash.net>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: Soren Hansen <soren@ubuntu.com>, netfilter-devel@vger.kernel.org
Subject: Re: Automatically load modules in iptables-save
Date: Thu, 19 Mar 2009 14:58:18 +0100 [thread overview]
Message-ID: <49C24F7A.4030700@trash.net> (raw)
In-Reply-To: <alpine.LSU.2.00.0903191452550.27642@fbirervta.pbzchgretzou.qr>
Jan Engelhardt wrote:
> On Thursday 2009-03-19 14:50, Soren Hansen wrote:
>
>> On Thu, Mar 19, 2009 at 02:05:54PM +0100, Patrick McHardy wrote:
>>
>>>>> If the iptables modules are not loaded when iptables-save is run,
>>>>> iptables-save will fail, because it can't open the relevant files in
>>>>> /proc. This patch makes iptables-save attempt to load the modules,
>>>>> and then retries.
>>>>>
>> Right. I thought about just silently bailing out, but decided to go this
>> route instead. Explanation follows.
>>
>> $ sudo iptables-save
>> iptables-save v1.4.1.1: Unable to open /proc/net/ip_tables_names: No such file or directory
>> $ echo $?
>> 1
>>
>> I decided to try to load the modules instead of just silently returning,
>>
>
> IMHO, it should not fail, not even silently, but return success.
> If x_tables.ko is not loaded, there cannot be any tables active
> anyway, and thus would be equal to a loaded x_tables.ko with
> no table modules (iptable_filter, etc.) loaded.
>
That's my opinion as well. I've never understood why so many things are
silently
activated by "list" or "dump" commands.
>> so that if iptables-save succeeds, you can reasonably expect
>> iptables-restore to work as well.
>>
>
> `echo '' | iptables-restore` does work. One more reason to
> make iptables-save not outputting anything returning 0.
>
Agreed.
next prev parent reply other threads:[~2009-03-19 13:58 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-16 17:10 Automatically load modules in iptables-save Soren Hansen
2009-03-19 12:55 ` Soren Hansen
2009-03-19 13:05 ` Patrick McHardy
2009-03-19 13:50 ` Soren Hansen
2009-03-19 13:55 ` Jan Engelhardt
2009-03-19 13:58 ` Patrick McHardy [this message]
2009-03-19 14:29 ` Soren Hansen
2009-03-19 14:31 ` Jan Engelhardt
2009-03-19 15:43 ` Soren Hansen
2009-03-19 16:02 ` Jan Engelhardt
2009-03-19 17:00 ` Soren Hansen
2009-03-20 18:42 ` Patrick McHardy
2009-03-19 16:43 ` Soren Hansen
-- strict thread matches above, loose matches on Subject: below --
2009-03-16 11:42 Soren Hansen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49C24F7A.4030700@trash.net \
--to=kaber@trash.net \
--cc=jengelh@medozas.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=soren@ubuntu.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.