Hello,
the backports process has recently been updated, please see the new
documentation:
https://wiki.ubuntu.com/UbuntuBackports
I'm closing this bug, but please feel free to open a new bug (or reopen
this bug) using the new process, if appropriate.
** Changed in: bionic-backports
> I'll monitor the "-backports" discussion and let's see from there.
Looks like the backports pocket will be available again. I added bionic-
backports so that this request can be found from that end, since it
looks like backports was something being considered. I don't intend to
imply any
I think 'backports' would have been a great place to have this behavior
change in Bionic while keep the current one in -updates.
I just came across an email about 'backports' about to die (from
rbasak). Let's see what is the outcome and rely on the flock()
alternative for now.
I'll monitor the
For backports, a straight build of 1.6.2 would perhaps be enough. Might
not seem a version change big enough for backports, but as we have seen,
it does introduce a change of behavior that impacts existing firewall
scripts.
--
You received this bug notification because you are a member of Ubuntu
I'm on the same page.
Maybe we should leave the package in -update as is and go with the
flock() alternative.
OR evaluate if, let's say, the Focal's iptables could be backported
(if feasible) in bionic-backports.
That way, one who wants the 'wait' and 'wait-interval' to be available
could
I tested this last change, and it does exactly what we wanted for
iptables, the tool. And since that behavior is shared with all tools of
the iptables suite, it means iptables-restore got that fix too (good!),
but it also introduces a change in behavior for iptables-restore (bad!).
When compared
Excellent progress Eric, thanks!
I'll give it a try.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1791958
Title:
iptables-restore is missing -w option
Status in
New testpackage: iptables - 1.6.1-2ubuntu2+testpkg20210706b8
Note: If that works as expected for Andreas. The only things that needed
would be to update the manpage, which I didn't do on this current test
pkg.
--
You received this bug notification because you are a member of Ubuntu
Touch
Both 'iptables' and 'ip*tables-restores' sleep and wait until the lock
is released if no 'wait' option. If 'wait' option is set, it wait for
the amount of time instructed and stop waiting.
I think the printed message make more sense now :
# time cat /etc/rules.v4 | iptables-restore -c
Another
I'll work to re-arrange the fprintf if 'wait' option is used or not and
see the outcome of it.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1791958
Title:
Version in comment #12 is "iptables - 1.6.1-2ubuntu2+testpkg20210706b4"
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1791958
Title:
iptables-restore is missing -w
I have a new test pkg:
This pkg keeps the same behavior for 'iptables'
# Hold the lock:
flock /run/xtables.lock sleep 36000
# It holds and wait until flock() finishes or get killed, and then get executed.
iptables -L
# With 'wait' option, it waits until the wait time is ended:
time iptables
Thanks for the b3 version!
It restores the bionic implicit lock behavior (as if -w was given), but
when given a specific value, in the end it ignores that it couldn't
acquire the lock and moves on:
In all these tests, I have a lock held.
We have a chain called "andreas". See how -L waits 1
What about "iptables - 1.6.1-2ubuntu2+testpkg20210629b3" ?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1791958
Title:
iptables-restore is missing -w option
Status in
Thanks Andreas. I'll be working on a minimalistic patch set (if
feasible)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1791958
Title:
iptables-restore is missing -w
Thanks Andreas. I'll be working on a minimalistic patch set
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1791958
Title:
iptables-restore is missing -w option
Status
+1 for a backport, I don't think 1.6.2 is suitable for an SRU,
specifically about one change I noticed with test packages that I think
can break existing firewall scripts.
The locking code is shared between tools, so in 1.6.2, not only do we
get iptables-{save,restore} with -w support, but
Wearing my SRU-hat here, I think we need to consider a few things:
* Generally for SRUs we prefer not to pull in new upstream releases if there
is no need. So of course, if possible, cherry-picking fixes is preferred.
* But on the other hand, if the number of changes that need to be performed
Look like a potential patchset to backport without having to bump
version in stable release:
6e2e169eb iptables: remove duplicated argument parsing code
24f81746 xshared: do not lock again and again if "-w" option is not specified
72bb3dbf0 xshared: using the blocking file lock request when we
Look like a potential patchset to backport without having to bump
version in stable release:
I'll test it, and then will alk w/ the SRU verification team to see if
eligible for SRU.
commit 6e2e169eb66b63d2991e1c7ada931e3cdb0ced32
Author: Lorenzo Colitti
Date: Thu Mar 16 16:55:01 2017 +0900
Look like a potential patchset to backport without having to bump
version in stable release:
21ba5b38 ip{,6}tables-restore: Don't accept wait-interval without wait
d89dc47a iptables-restore/save: exit when given an unknown option
65801d02 iptables-restore.8: document -w/-W options
999eaa24
1.6.2 in 18.04 would be a life saver as I have hit this issue and the
only resolution is to compile iptables myself. I can verify that 1.6.2
resolves this issue and I havn't had any other problems on 18.04 as far
as other tools calling 1.6.2
--
You received this bug notification because you are
Seems like the point release would be a reasonable SRU.
Mark
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1791958
Title:
iptables-restore is missing -w option
Status
** Changed in: iptables (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1791958
Title:
iptables-restore is missing -w option
24 matches
Mail list logo
