Package: orphan-sysvinit-scripts
Version: 0.07

Hi,

I just got orphan-sysvinit-scripts pulled in on a few boxes where I happen to have nftables installed but rules are still defined and loaded by iptables, called by a locally-defined init script.

/etc/rcS.d/ contains (among others):

    S10iptables-rules
    S11networking
    S12nftables

Since /etc/nftables.conf is empty (as shipped), this ends up wiping out my rules, and I need to fix that with 'update-rc.d nftables remove'.

Perhaps a NEWS entry should be made for this, or more aggressively, users should be advised to 'update-rc.d nftables defaults' as they see fit, considering they have lived thus far without a distribution-shipped init script.

Another comment: my iptables-rules init script says:

    # Required-Start: $local_fs
    # Required-Stop:
    # Default-Start: S
    # Default-Stop:

which makes sense to me. The points: load the rules before any network interfaces are brought up, and, why would I ever want the rules to be automatically unloaded during shutdown?

By contrast, the nftables script says:

    # Required-Start: $local_fs $network
    # Required-Stop: $local_fs $network
    # Should-Start:
    # Default-Start: S
    # Default-Stop: 0 1 6

Which has stop actions (which actually flush the ruleset) and loads *after* network interfaces are already up.

Thanks,
Gedalya
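
An added example, not part of the original report or of the package: a POSIX shell check that reads an init script's LSB header and flags the two properties the report contrasts, a start dependency on $network and non-empty stop runlevels. The function names, finding labels and sample files are constructed for illustration; the sample headers copy the two quoted above.

```shell
#!/bin/sh
# Added example: audit a firewall init script's LSB header.
# lsb_field FILE FIELD: print the value of "# FIELD: ..." from the LSB block.
lsb_field() {
    awk -v want="$2" '
        /^### BEGIN INIT INFO/ { inhdr = 1; next }
        /^### END INIT INFO/   { exit }
        inhdr && index($0, "# " want ":") == 1 {
            sub(/^# [^:]*:[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# audit_fw_script FILE: print one finding per line; print nothing if clean.
audit_fw_script() {
    start=$(lsb_field "$1" Required-Start)
    stop=$(lsb_field "$1" Default-Stop)
    case " $start " in
        *' $network '*) echo "loads-after-network" ;;   # rules arrive late
    esac
    if [ -n "$stop" ]; then echo "stop-action-in-runlevels:$stop"; fi
}

# write_samples DIR: constructed sample files holding the two headers from
# the report (the BEGIN/END lines are the standard LSB block delimiters).
write_samples() {
    cat > "$1/iptables-rules" <<'EOF'
### BEGIN INIT INFO
# Required-Start: $local_fs
# Required-Stop:
# Default-Start: S
# Default-Stop:
### END INIT INFO
EOF
    cat > "$1/nftables" <<'EOF'
### BEGIN INIT INFO
# Required-Start: $local_fs $network
# Required-Stop: $local_fs $network
# Should-Start:
# Default-Start: S
# Default-Stop: 0 1 6
### END INIT INFO
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in iptables-rules nftables; do echo "== $f"; audit_fw_script "$tmp/$f"; done
rm -rf "$tmp"
```

On a real system the same function can be pointed at the scripts in /etc/init.d/ that load packet-filter rules.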