reopen 519363 !
thanks

I have an identical post-down line for Ethernet and WiFi interfaces, and
I'm bringing my interfaces up and down manually w/o --no-scripts (ifup
enp0s25, ifdown wlp3s0). Relevant bits from my interfaces file:

iface enp0s25 inet dhcp
    up iptables -t nat -A POSTROUTING -o enp0s25 -j MASQUERADE
    pre-down iptables -t nat -D POSTROUTING -o enp0s25 -j MASQUERADE

iface wlp3s0 inet manual
    wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
    up iptables -t nat -A POSTROUTING -o wlp3s0 -j MASQUERADE
    pre-down iptables -t nat -D POSTROUTING -o wlp3s0 -j MASQUERADE

iface dynamic inet dhcp

...where "dynamic" is the id_str value from wpa_supplicant.conf.

The "up" line works the same for enp0s25 and wlp3s0, but the "pre-down"
line only gets invoked for enp0s25. After I bring down wlp3s0 I still
see the rule in iptables:

angdraug@x1:~$ sudo iptables -L -v -n -t nat
...
Chain POSTROUTING (policy ACCEPT 584 packets, 91833 bytes)
 pkts bytes target     prot opt in     out     source               destination

angdraug@x1:~$ sudo ifup enp0s25 
...
bound to 192.168.1.7 -- renewal in 35335 seconds.
angdraug@x1:~$ sudo iptables -L -v -n -t nat
...
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   21  2785 MASQUERADE  all  --  *      enp0s25  0.0.0.0/0            0.0.0.0/0

angdraug@x1:~$ sudo ifdown enp0s25 
...
DHCPRELEASE on enp0s25 to 192.168.1.1 port 67
angdraug@x1:~$ sudo iptables -L -v -n -t nat
Chain POSTROUTING (policy ACCEPT 2 packets, 379 bytes)
 pkts bytes target     prot opt in     out     source               destination

angdraug@x1:~$ sudo ifup wlp3s0 
angdraug@x1:~$ sudo iptables -L -v -n -t nat
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    1    40 MASQUERADE  all  --  *      wlp3s0  0.0.0.0/0            0.0.0.0/0

angdraug@x1:~$ sudo ifdown wlp3s0 
...
DHCPRELEASE on wlp3s0 to 192.168.1.1 port 67
angdraug@x1:~$ sudo iptables -L -v -n -t nat
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   48  3196 MASQUERADE  all  --  *      wlp3s0  0.0.0.0/0            0.0.0.0/0

My whole setup is explained in more detail here:
https://plus.google.com/+DmitryBorodaenko/posts/NRs5UuGc4zu

-- 
Dmitry Borodaenko
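
Added example, not part of the original message: a shell check for the symptom reported above, a MASQUERADE rule left in nat/POSTROUTING for an interface that is no longer up. The function name stale_masquerade and the SAMPLE_RULES text are constructed for illustration; the input is assumed to be in the format printed by `iptables -t nat -S POSTROUTING`.

```shell
#!/bin/sh
# stale_masquerade: read POSTROUTING rules in `iptables -S` format on stdin,
# take the names of the interfaces that are currently up as arguments, and
# print the output interface of every MASQUERADE rule that is not among them.
# Wildcard interface names (such as "eth+") are treated as literal names.
stale_masquerade() {
    awk -v active=" $* " '
        $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; target = ""
            for (i = 3; i < NF; i++) {
                # Skip negated matches ("! -o name"): they do not name
                # the interface the rule applies to.
                if ($i == "-o" && $(i - 1) != "!") out = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target == "MASQUERADE" && out != "" &&
                index(active, " " out " ") == 0)
                print out
        }'
}

# Constructed sample: the rule set as it would look if the pre-down line
# had run for neither interface.
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -o enp0s25 -j MASQUERADE
-A POSTROUTING -o wlp3s0 -j MASQUERADE'

# With only enp0s25 up, the wlp3s0 rule is reported as stale.
printf '%s\n' "$SAMPLE_RULES" | stale_masquerade enp0s25   # prints: wlp3s0

# On a live system the same function can be fed real data (as root):
#   iptables -t nat -S POSTROUTING | stale_masquerade $(
#       ip -o link show up | awk -F': ' '{print $2}')
```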
