Control: tags 829640 + patch Control: tags 829640 + pending Dear maintainer,
I've prepared an NMU for iptables-persistent (versioned as 1.0.4+nmu1), I'll look for an sponsor and upload it. I worked with the git repo but I didn't push to alioth until you agree or the updated package is on the archive. I've tested this change on machines with different configurations IPv4, IPv6, DCHP, SLAAC and it worked fine. My firewall rules set the DROP policy, this change should not disrupt any user that allows ESTABLISHED and RELATED connections. Regards. -- 1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333 keybase: https://keybase.io/gfa
diff -Nru iptables-persistent-1.0.4/debian/changelog iptables-persistent-1.0.4+nmu1/debian/changelog --- iptables-persistent-1.0.4/debian/changelog 2016-01-03 03:46:08.000000000 +0800 +++ iptables-persistent-1.0.4+nmu1/debian/changelog 2016-08-21 13:05:39.000000000 +0800 @@ -1,3 +1,11 @@ +iptables-persistent (1.0.4+nmu1) unstable; urgency=low + + * Non-maintainer upload. + * Loads the firewall before network-pre.target, as suggested by systemd + upstream. (Closes: #829640). + + -- gustavo panizzo <[email protected]> Sun, 21 Aug 2016 13:05:39 +0800 + iptables-persistent (1.0.4) unstable; urgency=medium * [d52b9e] During flush, set policy before flushing rules (Closes: #749790) diff -Nru iptables-persistent-1.0.4/debian/compat iptables-persistent-1.0.4+nmu1/debian/compat --- iptables-persistent-1.0.4/debian/compat 2016-01-03 03:46:08.000000000 +0800 +++ iptables-persistent-1.0.4+nmu1/debian/compat 2016-08-21 13:05:06.000000000 +0800 @@ -1 +1 @@ -7 +9 diff -Nru iptables-persistent-1.0.4/debian/control iptables-persistent-1.0.4+nmu1/debian/control --- iptables-persistent-1.0.4/debian/control 2016-01-03 03:46:08.000000000 +0800 +++ iptables-persistent-1.0.4+nmu1/debian/control 2016-08-21 13:05:06.000000000 +0800 @@ -3,7 +3,7 @@ Priority: optional Maintainer: Jonathan Wiltshire <[email protected]> Build-Depends: debhelper (>= 7.0.50~), dh-systemd, po-debconf -Standards-Version: 3.9.5 +Standards-Version: 3.9.6 Vcs-Browser: http://anonscm.debian.org/cgit/collab-maint/iptables-persistent.git/ Vcs-Git: git://anonscm.debian.org/collab-maint/iptables-persistent.git diff -Nru iptables-persistent-1.0.4/debian/rules iptables-persistent-1.0.4+nmu1/debian/rules --- iptables-persistent-1.0.4/debian/rules 2016-01-03 03:46:08.000000000 +0800 +++ iptables-persistent-1.0.4+nmu1/debian/rules 2016-08-21 13:05:06.000000000 +0800 @@ -4,5 +4,5 @@ dh_installinit -- start 37 S . stop 37 0 1 6 . %: - dh --with systemd $@ + dh $@ --with systemd diff -Nru iptables-persistent-1.0.4/plugins/15-ip4tables iptables-persistent-1.0.4+nmu1/plugins/15-ip4tables --- iptables-persistent-1.0.4/plugins/15-ip4tables 2016-01-03 03:46:08.000000000 +0800 +++ iptables-persistent-1.0.4+nmu1/plugins/15-ip4tables 2016-08-21 13:05:06.000000000 +0800 @@ -35,8 +35,8 @@ if [ ! -f /proc/net/ip_tables_names ]; then echo "Warning: skipping IPv4 (no modules loaded)" elif [ -x /sbin/iptables-save ]; then - touch /etc/iptables/rules.v4 - chmod 0640 /etc/iptables/rules.v4 + touch /etc/iptables/rules.v4 + chmod 0640 /etc/iptables/rules.v4 iptables-save > /etc/iptables/rules.v4 if [ $? -ne 0 ]; then rc=1 diff -Nru iptables-persistent-1.0.4/plugins/25-ip6tables iptables-persistent-1.0.4+nmu1/plugins/25-ip6tables --- iptables-persistent-1.0.4/plugins/25-ip6tables 2016-01-03 03:46:08.000000000 +0800 +++ iptables-persistent-1.0.4+nmu1/plugins/25-ip6tables 2016-08-21 13:05:06.000000000 +0800 @@ -35,8 +35,8 @@ if [ ! -f /proc/net/ip6_tables_names ]; then log_action_cont_msg "Warning: skipping IPv6 (no modules loaded)" elif [ -x /sbin/ip6tables-save ]; then - touch /etc/iptables/rules.v6 - chmod 0640 /etc/iptables/rules.v6 + touch /etc/iptables/rules.v6 + chmod 0640 /etc/iptables/rules.v6 ip6tables-save > /etc/iptables/rules.v6 if [ $? -ne 0 ]; then rc=1 diff -Nru iptables-persistent-1.0.4/systemd/netfilter-persistent.service iptables-persistent-1.0.4+nmu1/systemd/netfilter-persistent.service --- iptables-persistent-1.0.4/systemd/netfilter-persistent.service 2016-01-03 03:46:08.000000000 +0800 +++ iptables-persistent-1.0.4+nmu1/systemd/netfilter-persistent.service 2016-08-21 13:05:39.000000000 +0800 @@ -1,7 +1,8 @@ [Unit] Description=netfilter persistent configuration DefaultDependencies=no -Before=network.target +Before=network-pre.target +Wants=network-pre.target Wants=systemd-modules-load.service local-fs.target After=systemd-modules-load.service local-fs.target
signature.asc
Description: PGP signature
