
Why does ifupdown2 does not remove old entries? #248

Open
dandud100 opened this issue Dec 8, 2022 · 10 comments

@dandud100

Hello, I am using ifupdown2 on my Proxmox, but I found out that if I remove something in my interfaces.new and append it, it will not remove it from my iptables. I ran iptables-save to see this.

Is this normal behavior? It is so annoying to remove the not needed bridges by myself. Also I need to restart my server to get this applied.

@dandud100 dandud100 changed the title Why does ifupdown2 does not remove old entrys? Why does ifupdown2 does not remove old entries? Dec 8, 2022
@julienfortin
Contributor

Hi @dandud100

Can you clarify your request by showing an example of your configuration, the commands that you are running and the old entries that were not removed?

Thanks

@dandud100
Author

dandud100 commented Dec 9, 2022

> Hi @dandud100
>
> Can you clarify your request by showing an example of your configuration, the commands that you are running and the old entries that were not removed?
>
> Thanks

My network.interfaces.new (censored)

# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface lo inet6 loopback

auto enp4s0
iface enp4s0 inet static
	address 5.x.x.x/27
	gateway 5.x.x.x
	pointopoint 5.x.x.x
	up route add -net 5.x.x.x netmask 255.255.255.224 gw 5.x.x.x dev enp4s0
# route 5.x.x.x/27 via 5.x.x.x

iface enp4s0 inet6 static
	address 2a01:x:x:x::2/64
	gateway fe80::1

auto vmbr0
iface vmbr0 inet static
	address 5.x.x.x/27
	bridge-ports none
	bridge-stp off
	bridge-fd 0

iface vmbr0 inet6 static
	address 2a01:x:x:x::2/64

auto vmbr1
iface vmbr1 inet static
	address 192.168.0.254/24
	bridge-ports none
	bridge-stp off
	bridge-fd 0
	post-up echo 1 > /proc/sys/net/ipv4/ip_forward
	post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o enp4s0 -j MASQUERADE
	post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o enp4s0 -j MASQUERADE
	############################
	# VM/Container 100
	# Internal IP: 192.168.0.100
	#
	# Service: "Remote Desktop RDP" on port 3389, reachable via 5.x.x.x:3389
	post-up iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 3389 -j DNAT --to 192.168.0.100:3389
	post-down iptables -t nat -D PREROUTING -i enp4s0 -p tcp --dport 3389 -j DNAT --to 192.168.0.100:3389
	#
	# Service: "SFTP" on port 22, reachable via 5.x.x.x:1021
	post-up iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 1021 -j DNAT --to 192.168.0.100:21
	post-down iptables -t nat -D PREROUTING -i enp4s0 -p tcp --dport 1021 -j DNAT --to 192.168.0.100:21
	############################

For example, I remove the last two entries (1021 -> 21), save the file and append it via the Proxmox interface 7.3-3.

Then I run iptables-save > /etc/network/interfaces/rules.v4 and inspect it.

# Generated by iptables-save v1.8.7 on Sun Dec  4 18:40:40 2022
*raw
:PREROUTING ACCEPT [1048991:297288166]
:OUTPUT ACCEPT [37100:13388446]
COMMIT
# Completed on Sun Dec  4 18:40:40 2022
# Generated by iptables-save v1.8.7 on Sun Dec  4 18:40:40 2022
*filter
:INPUT ACCEPT [740:305855]
:FORWARD ACCEPT [28143:11639838]
:OUTPUT ACCEPT [703:190298]
COMMIT
# Completed on Sun Dec  4 18:40:40 2022
# Generated by iptables-save v1.8.7 on Sun Dec  4 18:40:40 2022
*nat
:PREROUTING ACCEPT [8903:756608]
:INPUT ACCEPT [350:19235]
:OUTPUT ACCEPT [14:838]
:POSTROUTING ACCEPT [1000:53345]
-A PREROUTING -i enp4s0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.0.100:3389
-A PREROUTING -i enp4s0 -p tcp -m tcp --dport 1021 -j DNAT --to-destination 192.168.0.100:21
-A POSTROUTING -s 192.168.0.0/24 -o enp4s0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 -o enp4s0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 -o enp4s0 -j MASQUERADE

And I see it is still in there. (Ignore the timestamp in this file; I know it is from Sunday.)

@julienfortin
Contributor

Can you also post ifreload -ad logs? You should be able to see which commands were executed.

@dandud100
Author

ifreload -ad
debug: args = Namespace(all=True, currentlyup=False, CLASS=None, iflist=[], noact=False, verbose=False, debug=True, withdepends=False, perfmode=False, nocache=False, excludepats=None, usecurrentconfig=False, syslog=False, force=False, syntaxcheck=False, version=None, nldebug=False)
debug: creating ifupdown object ..
info: requesting link dump
info: requesting address dump
info: requesting netconf dump
debug: nlcache: reset errorq
debug: {'use_daemon': 'no', 'template_enable': '1', 'template_engine': 'mako', 'template_lookuppath': '/etc/network/ifupdown2/templates', 'default_interfaces_configfile': '/etc/network/interfaces', 'disable_cli_interfacesfile': '0', 'addon_syntax_check': '0', 'addon_scripts_support': '1', 'addon_python_modules_support': '1', 'multiple_vlan_aware_bridge_support': '1', 'ifquery_check_success_str': 'pass', 'ifquery_check_error_str': 'fail', 'ifquery_check_unknown_str': '', 'ifquery_ifacename_expand_range': '0', 'link_master_slave': '1', 'delay_admin_state_change': '0', 'ifreload_down_changed': '0', 'addr_config_squash': '0', 'ifaceobj_squash': '0', 'adjust_logical_dev_mtu': '1', 'state_dir': '/run/network/'}
info: loading builtin modules from ['/usr/share/ifupdown2/addons']
info: module openvswitch not loaded (module init failed: no /usr/bin/ovs-vsctl found)
info: module openvswitch_port not loaded (module init failed: no /usr/bin/ovs-vsctl found)
info: module ppp not loaded (module init failed: no /usr/bin/pon found)
info: module batman_adv not loaded (module init failed: no /usr/sbin/batctl found)
debug: bridge: using reserved vlan range (0, 0)
debug: bridge: init: warn_on_untagged_bridge_absence=False
debug: bridge: init: vxlan_bridge_default_igmp_snooping=None
debug: bridge: init: arp_nd_suppress_only_on_vxlan=False
debug: bridge: init: bridge_always_up_dummy_brport=None
info: executing /sbin/sysctl net.bridge.bridge-allow-multiple-vlans
debug: bridge: init: multiple vlans allowed True
info: module mstpctl not loaded (module init failed: no /sbin/mstpctl found)
info: executing /bin/ip rule show
info: executing /bin/ip -6 rule show
info: module ethtool not loaded (module init failed: /sbin/ethtool: not found)
info: address: using default mtu 1500
info: address: max_mtu undefined
info: executing /usr/sbin/ip vrf id
info: mgmt vrf_context = False
info: dhclient: dhclient_retry_on_failure set to 0
info: executing /bin/ip addr help
info: address metric support: OK
info: module ethtool not loaded (module init failed: /sbin/ethtool: not found)
info: module ppp not loaded (module init failed: no /usr/bin/pon found)
info: module mstpctl not loaded (module init failed: no /sbin/mstpctl found)
info: module batman_adv not loaded (module init failed: no /usr/sbin/batctl found)
info: module openvswitch_port not loaded (module init failed: no /usr/bin/ovs-vsctl found)
info: module openvswitch not loaded (module init failed: no /usr/bin/ovs-vsctl found)
info: looking for user scripts under /etc/network
info: loading scripts under /etc/network/if-pre-up.d ...
info: loading scripts under /etc/network/if-up.d ...
info: loading scripts under /etc/network/if-post-up.d ...
info: loading scripts under /etc/network/if-pre-down.d ...
info: loading scripts under /etc/network/if-down.d ...
info: loading scripts under /etc/network/if-post-down.d ...
info: 'link_master_slave' is set. slave admin state changes will be delayed till the masters admin state change.
info: using mgmt iface default prefix eth
debug: reloading interface config ..
info: processing interfaces file /etc/network/interfaces
debug: processing sourced line ..'source /etc/network/interfaces.d/*'
info: no interfaces to down ..
info: reload: scheduling up on interfaces: ['lo', 'enp4s0', 'vmbr0', 'vmbr1']
debug: scheduling '['pre-up', 'up', 'post-up']' for ['lo', 'enp4s0', 'vmbr0', 'vmbr1']
debug: dependency graph {
        lo : []
        enp4s0 : []
        vmbr0 : []
        vmbr1 : []
}
debug: graph roots (interfaces that dont have dependents): ['lo', 'enp4s0', 'vmbr0', 'vmbr1']
info: lo: running ops ...
debug: lo: pre-up : running module xfrm
debug: lo: pre-up : running module link
debug: lo: pre-up : running module bond
debug: lo: pre-up : running module vlan
debug: lo: pre-up : running module vxlan
debug: lo: pre-up : running module usercmds
debug: lo: pre-up : running module bridge
debug: lo: pre-up : running module bridgevlan
debug: lo: pre-up : running module tunnel
debug: lo: pre-up : running module vrf
debug: lo: pre-up : running module address
info: executing /sbin/sysctl net.mpls.conf.lo.input=0
debug: lo: up : running module dhcp
debug: lo: up : running module address
debug: lo: up : running module addressvirtual
debug: lo: up : running module usercmds
debug: lo: up : running script /etc/network/if-up.d/postfix
info: executing /etc/network/if-up.d/postfix
warning: lo: up cmd '/etc/network/if-up.d/postfix' failed ([Errno 13] Permission denied: '/etc/network/if-up.d/postfix')
debug: lo: post-up : running module usercmds
debug: lo: statemanager sync state pre-up
info: enp4s0: running ops ...
debug: enp4s0: pre-up : running module xfrm
debug: enp4s0: pre-up : running module link
debug: enp4s0: pre-up : running module bond
debug: enp4s0: pre-up : running module vlan
debug: enp4s0: pre-up : running module vxlan
debug: enp4s0: pre-up : running module usercmds
debug: enp4s0: pre-up : running module bridge
debug: enp4s0: pre-up : running module bridgevlan
debug: enp4s0: pre-up : running module tunnel
debug: enp4s0: pre-up : running module vrf
debug: enp4s0: pre-up : running module address
info: executing /sbin/sysctl net.mpls.conf.enp4s0.input=0
info: enp4s0: primary ip changed (from 5.x.x.x/27 to 5.x.x.65/32) we need to purge all ip addresses and re-add them
info: enp4s0: netlink: ip addr del 5.x.x.65/32 dev enp4s0
  File "/usr/sbin/ifreload", line 131, in <module>
    sys.exit(main())
  File "/usr/sbin/ifreload", line 119, in main
    return stand_alone()
  File "/usr/sbin/ifreload", line 103, in stand_alone
    status = ifupdown2.main()
  File "/usr/share/ifupdown2/ifupdown/main.py", line 77, in main
    self.handlers.get(self.op)(self.args)
  File "/usr/share/ifupdown2/ifupdown/main.py", line 284, in run_reload
    ifupdown_handle.reload(['pre-up', 'up', 'post-up'],
  File "/usr/share/ifupdown2/ifupdown/ifupdownmain.py", line 2437, in reload
    self._reload_default(*args, **kargs)
  File "/usr/share/ifupdown2/ifupdown/ifupdownmain.py", line 2415, in _reload_default
    ret = self._sched_ifaces(new_filtered_ifacenames, upops,
  File "/usr/share/ifupdown2/ifupdown/ifupdownmain.py", line 1558, in _sched_ifaces
    ifaceScheduler.sched_ifaces(self, ifacenames, ops,
  File "/usr/share/ifupdown2/ifupdown/scheduler.py", line 588, in sched_ifaces
    cls.run_iface_list(ifupdownobj, run_queue, ops,
  File "/usr/share/ifupdown2/ifupdown/scheduler.py", line 318, in run_iface_list
    cls.run_iface_graph(ifupdownobj, ifacename, ops, parent,
  File "/usr/share/ifupdown2/ifupdown/scheduler.py", line 308, in run_iface_graph
    cls.run_iface_list_ops(ifupdownobj, ifaceobjs, ops)
  File "/usr/share/ifupdown2/ifupdown/scheduler.py", line 181, in run_iface_list_ops
    cls.run_iface_op(ifupdownobj, ifaceobj, op,
  File "/usr/share/ifupdown2/ifupdown/scheduler.py", line 102, in run_iface_op
    m.run(ifaceobj, op,
  File "/usr/share/ifupdown2/addons/address.py", line 1401, in run
    op_handler(self, ifaceobj,
  File "/usr/share/ifupdown2/addons/address.py", line 1036, in _pre_up
    self.process_addresses(ifaceobj, ifaceobj_getfunc, force_reapply)
  File "/usr/share/ifupdown2/addons/address.py", line 605, in process_addresses
    self.log_warn(str(e))
  File "/usr/share/ifupdown2/ifupdownaddons/modulebase.py", line 97, in log_warn
    traceback.print_stack()
Traceback (most recent call last):
  File "/usr/share/ifupdown2/lib/nlcache.py", line 3214, in addr_del
    result = self.tx_nlpacket_get_response_with_error(packet)
  File "/usr/share/ifupdown2/lib/nlcache.py", line 2277, in tx_nlpacket_get_response_with_error
    raise Exception(error_str)
Exception: operation failed with 'Cannot assign requested address' (99)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/share/ifupdown2/addons/address.py", line 603, in process_addresses
    self.netlink.addr_del(ifname, addr)
  File "/usr/share/ifupdown2/lib/nlcache.py", line 3222, in addr_del
    raise NetlinkError(e, "cannot delete address %s dev %s" % (addr, ifname), ifname=ifname)
lib.nlcache.NetlinkError: netlink: enp4s0: cannot delete address 5.x.x.65/32 dev enp4s0: operation failed with 'Cannot assign requested address' (99)
warning: netlink: enp4s0: cannot delete address 5.x.x.65/32 dev enp4s0: operation failed with 'Cannot assign requested address' (99)
info: enp4s0: netlink: ip addr add 5.x.x.x/27 dev enp4s0 peer 5.x.x.65/32
debug: enp4s0: up : running module dhcp
debug: enp4s0: up : running module address
info: executing /bin/ip route add default via 5.x.x.65 proto kernel dev enp4s0 onlink
info: executing /bin/ip route add default via fe80::1 proto kernel dev enp4s0 onlink
debug: enp4s0: up : running module addressvirtual
debug: enp4s0: up : running module usercmds
info: executing route add -net 5.x.x.64 netmask 255.255.255.224 gw 5.x.x.65 dev enp4s0
debug: enp4s0: up : running script /etc/network/if-up.d/postfix
info: executing /etc/network/if-up.d/postfix
warning: enp4s0: up cmd '/etc/network/if-up.d/postfix' failed ([Errno 13] Permission denied: '/etc/network/if-up.d/postfix')
debug: enp4s0: post-up : running module usercmds
debug: enp4s0: statemanager sync state pre-up
info: vmbr0: running ops ...
debug: vmbr0: pre-up : running module xfrm
debug: vmbr0: pre-up : running module link
debug: vmbr0: pre-up : running module bond
debug: vmbr0: pre-up : running module vlan
debug: vmbr0: pre-up : running module vxlan
debug: vmbr0: pre-up : running module usercmds
debug: vmbr0: pre-up : running module bridge
info: vmbr0: bridge already exists
info: vmbr0: applying bridge settings
info: vmbr0: reset bridge-hashel to default: 4
info: vmbr0: reset bridge-hashmax to default: 512
info: reading '/sys/class/net/vmbr0/bridge/stp_state'
info: vmbr0: netlink: ip link set dev vmbr0 type bridge (with attributes)
debug: attributes: {26: 4, 27: 512}
debug: vmbr0: pre-up : running module bridgevlan
debug: vmbr0: pre-up : running module tunnel
debug: vmbr0: pre-up : running module vrf
debug: vmbr0: pre-up : running module address
info: executing /sbin/sysctl net.mpls.conf.vmbr0.input=0
info: writing '0' to file /proc/sys/net/ipv4/conf/vmbr0/arp_accept
debug: vmbr0: up : running module dhcp
debug: vmbr0: up : running module address
debug: vmbr0: up : running module addressvirtual
debug: vmbr0: up : running module usercmds
debug: vmbr0: up : running script /etc/network/if-up.d/postfix
info: executing /etc/network/if-up.d/postfix
warning: vmbr0: up cmd '/etc/network/if-up.d/postfix' failed ([Errno 13] Permission denied: '/etc/network/if-up.d/postfix')
debug: vmbr0: post-up : running module usercmds
debug: vmbr0: statemanager sync state pre-up
info: vmbr1: running ops ...
debug: vmbr1: pre-up : running module xfrm
debug: vmbr1: pre-up : running module link
debug: vmbr1: pre-up : running module bond
debug: vmbr1: pre-up : running module vlan
debug: vmbr1: pre-up : running module vxlan
debug: vmbr1: pre-up : running module usercmds
debug: vmbr1: pre-up : running module bridge
info: vmbr1: bridge already exists
info: vmbr1: applying bridge settings
info: vmbr1: reset bridge-hashel to default: 4
info: vmbr1: reset bridge-hashmax to default: 512
info: reading '/sys/class/net/vmbr1/bridge/stp_state'
info: vmbr1: netlink: ip link set dev vmbr1 type bridge (with attributes)
debug: attributes: {26: 4, 27: 512}
info: vmbr1: port tap100i0 will stay enslaved as it matches with bridge-ports-condone-regex
info: vmbr1: port veth102i0 will stay enslaved as it matches with bridge-ports-condone-regex
info: vmbr1: port tap104i0 will stay enslaved as it matches with bridge-ports-condone-regex
info: vmbr1: applying bridge configuration specific to ports
debug: vmbr1: cannot find bridgeports
debug: vmbr1: _get_bridge_mac returned (None, None)
info: executing /sbin/bridge fdb replace de:x:x:x:x:x dev vmbr1  self 
debug: vmbr1: pre-up : running module bridgevlan
debug: vmbr1: pre-up : running module tunnel
debug: vmbr1: pre-up : running module vrf
debug: vmbr1: pre-up : running module address
info: executing /sbin/sysctl net.mpls.conf.vmbr1.input=0
info: writing '0' to file /proc/sys/net/ipv4/conf/vmbr1/arp_accept
debug: vmbr1: up : running module dhcp
debug: vmbr1: up : running module address
debug: vmbr1: up : running module addressvirtual
debug: vmbr1: up : running module usercmds
debug: vmbr1: up : running script /etc/network/if-up.d/postfix
info: executing /etc/network/if-up.d/postfix
warning: vmbr1: up cmd '/etc/network/if-up.d/postfix' failed ([Errno 13] Permission denied: '/etc/network/if-up.d/postfix')
debug: vmbr1: post-up : running module usercmds
info: executing echo 1 > /proc/sys/net/ipv4/ip_forward
info: executing iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o enp4s0 -j MASQUERADE
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 3389 -j DNAT --to 192.168.0.100:3389
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 1021 -j DNAT --to 192.168.0.100:21
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 990 -j DNAT --to 192.168.0.100:990
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 989 -j DNAT --to 192.168.0.100:989
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 10987 -j DNAT --to 192.168.0.100:10987
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 10986 -j DNAT --to 192.168.0.100:10986
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 10985 -j DNAT --to 192.168.0.100:10985
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p udp --dport 27016 -j DNAT --to 192.168.0.100:27016
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p udp --dport 25565 -j DNAT --to 192.168.0.100:25565
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 25565 -j DNAT --to 192.168.0.100:25565
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p udp --dport 25566 -j DNAT --to 192.168.0.100:25566
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 25566 -j DNAT --to 192.168.0.100:25566
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 8124 -j DNAT --to 192.168.0.100:8124
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p udp --dport 7777 -j DNAT --to 192.168.0.100:7777
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 7777 -j DNAT --to 192.168.0.100:7777
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p udp --dport 27015 -j DNAT --to 192.168.0.100:27015
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p udp --dport 28015 -j DNAT --to 192.168.0.100:28015
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 1122 -j DNAT --to 192.168.0.101:22
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p udp --dport 9987 -j DNAT --to 192.168.0.102:9987
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 30033 -j DNAT --to 192.168.0.102:30033
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 10011 -j DNAT --to 192.168.0.102:10011
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p udp --dport 2010 -j DNAT --to 192.168.0.102:2010
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 41144 -j DNAT --to 192.168.0.102:41144
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 2008 -j DNAT --to 192.168.0.102:2008
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 1222 -j DNAT --to 192.168.0.102:22
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 8087 -j DNAT --to 192.168.0.102:8087
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 1322 -j DNAT --to 192.168.0.103:22
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 1422 -j DNAT --to 192.168.0.104:22
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 2022 -j DNAT --to 192.168.0.104:2022
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 80 -j DNAT --to 192.168.0.104:80
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 8080 -j DNAT --to 192.168.0.104:8080
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 443 -j DNAT --to 192.168.0.104:443
info: executing iptables -t nat -A PREROUTING -i enp4s0 -p udp --dport 34197 -j DNAT --to 192.168.0.104:34197
debug: vmbr1: statemanager sync state pre-up
debug: saving state ..
info: exit status 0

@itkfm

itkfm commented Feb 2, 2023

Seems like ifreload -a does not execute post-down commands

@PanForPancakes

PanForPancakes commented Dec 7, 2023

Can confirm, post-downs are not being executed, which is not intuitive.
It would be really nice if ifreload did though

@hd-px

hd-px commented Dec 14, 2023

Can also confirm that the (pre/post-)down hooks are only executed if an interface gets removed, which is described in the documentation as well.

$ man ifreload
Runs ifdown on interfaces that were removed from the file and subsequently runs ifup on all interfaces.

The question is, does this behavior make sense?

@julienfortin
Contributor

I don't have the bandwidth to look into this, but I agree with you guys, ifreload should also pre/post-down on removed interfaces.

@itkfm

itkfm commented Dec 22, 2023

> ifreload should also pre/post-down on removed interfaces.

It should also do so on non-removed ones, just like it executes pre/post-up on them.

@itkfm

itkfm commented Sep 26, 2024

> The question is, does this behavior make sense?

Does it make sense? Technically, yes.
Is it useful? Practically, no.
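
A check for the drift this thread describes, as an added example (not part of the original thread and not ifupdown2 code): it compares the `iptables -A` rules declared in up-phase hooks with `iptables-save` output, reports leftover and duplicated rules, and builds the `-D` commands that the reload did not run. The function names and the trimmed sample inputs are constructed here, and the normalisation covers only the differences visible in the thread (`-t nat`, the implicit `-m tcp`, `--to` versus `--to-destination`, quoting).

```python
import shlex
from collections import Counter

HOOKS = {"pre-up", "up", "post-up"}

def normalize(tokens):
    """Rewrite iptables arguments into the form iptables-save prints."""
    table, proto, out, skip = None, None, [], False
    for tok, nxt in zip(tokens, tokens[1:] + [None]):
        if skip:                            # value of an option dropped below
            skip = False
        elif tok == "-t":                   # table selector, not part of the rule
            table, skip = nxt, True
        elif tok == "-m" and nxt == proto:  # iptables-save adds "-m tcp" after "-p tcp"
            skip = True
        else:
            proto = nxt if tok == "-p" else proto
            out.append("--to-destination" if tok == "--to" else tok)
    return table, " ".join(out)

def declared_rules(interfaces_text):
    """Set of (table, rule) appended by up-phase hooks in an interfaces file."""
    rules = set()
    for line in interfaces_text.splitlines():
        words = line.split(None, 2)         # comment lines never reach shlex
        if len(words) == 3 and words[0] in HOOKS and words[1] == "iptables":
            table, rule = normalize(shlex.split(words[2]))
            if rule.startswith("-A "):
                rules.add((table or "filter", rule))
    return rules

def live_rules(save_text):  # Counter of (table, rule) in iptables-save output
    rules, table = Counter(), None
    for line in save_text.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith("-A "):
            rules[(table, normalize(shlex.split(line))[1])] += 1
    return rules

def drift(interfaces_text, save_text):
    """Compare declared and live rules; build the -D commands nobody ran."""
    declared, live = declared_rules(interfaces_text), live_rules(save_text)
    cleanup = []
    for table, rule in sorted(live):
        # keep one copy of a declared rule, none of an undeclared one
        extra = live[(table, rule)] - ((table, rule) in declared)
        cleanup += [f"iptables -t {table} -D {rule[3:]}"] * extra
    return {"stale": sorted(k for k in live if k not in declared),
            "duplicates": {k: n for k, n in live.items() if n > 1},
            "missing": sorted(declared - set(live)),
            "cleanup": cleanup}

# Constructed: vmbr1 hooks after the 1021 forward was deleted; *nat rules as in the thread.
INTERFACES = """\
    post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o enp4s0 -j MASQUERADE
    # Internal IP:192.168.0.100'
    post-up iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 3389 -j DNAT --to 192.168.0.100:3389
"""
SAVE = """\
*nat
-A PREROUTING -i enp4s0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.0.100:3389
-A PREROUTING -i enp4s0 -p tcp -m tcp --dport 1021 -j DNAT --to-destination 192.168.0.100:21
-A POSTROUTING -s 192.168.0.0/24 -o enp4s0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 -o enp4s0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 -o enp4s0 -j MASQUERADE
"""

if __name__ == "__main__":
    print(drift(INTERFACES, SAVE))
```

On the sample, the deleted 1021 forward is reported as stale and the MASQUERADE rule as present three times, matching the `iptables-save` output quoted earlier in the thread.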
