Bug#1090753: miniupnpd-nftables: fails to start: nft_init.sh logic check failure

Wed, 18 Dec 2024 09:51:15 -0800 

Package: miniupnpd-nftables
Version: 2.3.7-1
Severity: grave
Justification: renders package unusable

Dear Maintainer,

miniupnpd stopped working so I had another poke at it--the nft_init.sh script 
opens with a check
to see if $TABLE exists in nft rules, but $TABLE is defined as filter in 
miniupnpd_functions.sh

This will always fail the check because the filter table is where everything 
goes so anybody who's
using nftables for anything will have it already.

Not sure why it's broken now because I don't think any of these files have 
changed recently but
it sure is.

I commented that check out and miniupnpd seems to work again (or at least it 
runs and adds chains
to nftables).

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.3-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages miniupnpd-nftables depends on:
ii  libc6       2.40-4
ii  libmnl0     1.0.5-3
ii  libnftnl11  1.2.8-1
ii  miniupnpd   2.3.7-1

miniupnpd-nftables recommends no packages.

miniupnpd-nftables suggests no packages.

-- Configuration Files:
/etc/miniupnpd/nft_init.sh changed:
. "$(dirname "$0")/miniupnpd_functions.sh"
echo "Creating nftables structure"
cat > /tmp/miniupnpd.nft <<EOF
table inet $TABLE {
    chain forward {
        type filter hook forward priority 0;
        policy accept;
        # miniupnpd
        jump $CHAIN
        # Add other rules here
    }
    # miniupnpd
    chain $CHAIN {
    }
EOF
if [ "$TABLE" != "$NAT_TABLE" ]
then
cat >> /tmp/miniupnpd.nft <<EOF
}
table inet $NAT_TABLE {
EOF
fi
cat >> /tmp/miniupnpd.nft <<EOF
    chain prerouting {
        type nat hook prerouting priority -100;
        policy accept;
        # miniupnpd
        jump $PREROUTING_CHAIN
        # Add other rules here
    }
    chain postrouting {
        type nat hook postrouting priority 100;
        policy accept;
        # miniupnpd
        jump $POSTROUTING_CHAIN
        # Add other rules here
    }
    chain $PREROUTING_CHAIN {
    }
    chain $POSTROUTING_CHAIN {
    }
}
EOF
$NFT -f /tmp/miniupnpd.nft


-- no debconf information

Reply via email to