tags 651903 + patch
thanks
Independently of the discussion of whether iptables-persistent should save the ruleset by default or not... The attached patch adds some extra checks during postinst for whether IPv6 is enabled.

Cheers,
Andreas
From 048ec60ca0549f9a2a5d011f93884cd8117c557d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20R=C3=BCtten?= <[email protected]> Date: Sat, 21 Apr 2012 02:02:09 +0200 Subject: [PATCH] Add some extra checks if IPv6 is available --- debian/iptables-persistent.postinst | 22 +++++++++++++++------- 1 files changed, 15 insertions(+), 7 deletions(-) diff --git a/debian/iptables-persistent.postinst b/debian/iptables-persistent.postinst index 8d3a565..8f8aa16 100644 --- a/debian/iptables-persistent.postinst +++ b/debian/iptables-persistent.postinst @@ -14,20 +14,28 @@ configure) if [ "x$RET" != "xtrue" ]; then db_get iptables-persistent/autosave_v4 || true if [ "x$RET" = "xtrue" ]; then - modprobe -q iptable_filter - if [ $? -eq 0 ] && [ -f /proc/net/ip_tables_names ]; then - iptables-save > /etc/iptables/rules.v4 + modprobe -q iptable_filter + if [ $? -eq 0 ] && [ -f /proc/net/ip_tables_names ]; then + iptables-save > /etc/iptables/rules.v4 else echo "IPv4: Unable to save (module not loaded)" fi fi db_get iptables-persistent/autosave_v6 || true if [ "x$RET" = "xtrue" ]; then - modprobe -q ip6table_filter - if [ $? -eq 0 ] && [ -f /proc/net/ip_tables_names ]; then - ip6tables-save > /etc/iptables/rules.v6 + if [ ! -d /proc/sys/net/ipv6 ] ; then + echo "IPv6 support is disabled. Can't safe IPv6 rules" else - echo "IPv6: Unable to save (module not loaded)" + if [ -r /proc/sys/net/ipv6/conf/default/disable_ipv6 -a `cat /proc/sys/net/ipv6/conf/default/disable_ipv6` = '1' ]; then + echo "IPv6 support is disabled. Can't safe IPv6 rules" + else + modprobe -q ip6table_filter + if [ $? -eq 0 ] && [ -f /proc/net/ip_tables_names ]; then + ip6tables-save > /etc/iptables/rules.v6 + else + echo "IPv6: Unable to save (module not loaded)" + fi + fi fi fi -- 1.7.5.4
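Review bot: The new test in the autosave_v6 branch combines `-r /proc/sys/net/ipv6/conf/default/disable_ipv6` with an unquoted backtick `cat` of the same file via `-a`. The command substitution is expanded before `[` runs, so `-r` does not guard the `cat`; if the file is unreadable or empty, the expression loses an operand and `[` prints a syntax error during postinst. Split it into two tests and quote the substitution, for example `[ -r "$f" ] && [ "$(cat "$f")" = 1 ]` with `f` set to the sysctl path. In the same branch, `ip6tables-save` is still gated on `-f /proc/net/ip_tables_names`, which is the IPv4 table list; the IPv6 counterpart is `/proc/net/ip6_tables_names`, so with the current check the IPv6 save depends on whether IPv4 tables are loaded. Two smaller points: both new messages read "Can't safe IPv6 rules" (should be "save"), and since the two disabled-IPv6 cases print the same message they could be folded into one condition to avoid the extra nesting level.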

