(Linux) firewall.sh processing IPv6 chains when IPv6 is disabled (Devuan 5, non-systemd) #344

Open
jordan-ivpn opened this issue Jan 3, 2024 · 0 comments
Bug report

Error when enabling firewall:

$ ivpn firewall -persistent_on
Error: Failed to execute shell command: exit status 1

Error connecting:

ivpn connect nl.gw.ivpn.net
[OpenVPN] Connecting to: Amsterdam, NL (Netherlands) nl.gw.ivpn.net UDP:2049...
Connecting...
Disconnecting...

Error: failed to connect: failed to change firewall state : failed to execute shell command: exit status 1

Since there is no systemd to launch the daemon, the customer is running it manually:

ivpn-service start &

OS details:

$ /etc/os-release
PRETTY_NAME="Devuan GNU/Linux 5 (daedalus)" 
NAME="Devuan GNU/Linux" VERSION_ID="5" 
VERSION="5 (daedalus)" VERSION_CODENAME="daedalus" 
ID=devuan ID_LIKE=debian

$ uname -a
Linux hostname 6.6.0mmc #2 SMP PREEMPT_DYNAMIC Sat Dec  2 15:14:39 EST 2023 x86_64 GNU/Linux

Packages are installed and available

$ whereis iptables
iptables: /usr/sbin/iptables /usr/share/iptables /usr/share/man/man8/iptables.8.gz

$ whereis nft
nft: /usr/sbin/nft /usr/share/man/man8/nft.8.gz

$ sudo /opt/ivpn/e/opt/ivpn/etc/firewall.sh -enable
[sudo] password for user:
ip6tables: Failed to initialize nft: Protocol not supported

$ whereis ip6tables
/usr/sbin/ip6tables

iptables is already the newest version (1.8.9-2).

Ran these commands to disable IPv6, then rebooted the system:

echo 'net.ipv6.conf.all.disable_ipv6=1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.default.disable_ipv6=1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.lo.disable_ipv6=1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

Edit /opt/ivpn/etc/firewall.sh to give verbose output:

#!/bin/bash -x

Output of sudo /opt/ivpn/etc/firewall.sh -enable:

+ IPv4BIN=iptables
+ IPv6BIN=ip6tables
+ LOCKWAITTIME=2
+ IN_IVPN=IVPN-IN
+ OUT_IVPN=IVPN-OUT
+ FORWARD_IVPN=IVPN-FORWARD
+ OUT_IVPN_DNS=IVPN-OUT-DNS
+ IN_IVPN_IF0=IVPN-IN-VPN0
+ OUT_IVPN_IF0=IVPN-OUT-VPN0
+ IN_IVPN_IF1=IVPN-IN-VPN
+ OUT_IVPN_IF1=IVPN-OUT-VPN
+ FORWARD_IVPN_IF=IVPN-FORWARD-VPN
+ IN_IVPN_STAT_EXP=IVPN-IN-STAT-EXP
+ OUT_IVPN_STAT_EXP=IVPN-OUT-STAT-EXP
+ IN_IVPN_STAT_USER_EXP=IVPN-IN-STAT-USER-EXP
+ OUT_IVPN_STAT_USER_EXP=IVPN-OUT-STAT-USER-EXP
+ IN_IVPN_ICMP_EXP=IVPN-IN-ICMP-EXP
+ OUT_IVPN_ICMP_EXP=IVPN-OUT-ICMP-EXP
+ IVPN_OUT_DNSONLY=IVPN-OUT-DNSONLY
+ _splittun_packets_fwmark_value=0xca6c
+ _splittun_comment='IVPN Split Tunneling'
+ _splittun_cgroup_classid=0x4956504e
+ main -enable ip6tables
+ [[ -enable = \-\e\n\a\b\l\e ]]
+ enable_firewall
+ get_firewall_enabled
+ chain_exists iptables IVPN-OUT
+ local bin=iptables
+ local chain_name=IVPN-OUT
--More--(61%)
+ iptables -w 2 -n -L IVPN-OUT
+ ((  1 == 0  ))
+ only_dns_off
+ chain_exists iptables IVPN-OUT-DNSONLY
+ local bin=iptables
+ local chain_name=IVPN-OUT-DNSONLY
+ iptables -w 2 -n -L IVPN-OUT-DNSONLY
+ '[' 1 -ne 0 ']'
+ return 0
+ set -e
+ '[' -f /proc/net/if_inet6 ']'
+ create_chain ip6tables IVPN-IN
+ local bin=ip6tables
+ local chain_name=IVPN-IN
+ chain_exists ip6tables IVPN-IN
+ local bin=ip6tables
+ local chain_name=IVPN-IN
+ ip6tables -w 2 -n -L IVPN-IN
+ ip6tables -w 2 -N IVPN-IN
ip6tables: Failed to initialize nft: Protocol not supported

The + '[' -f /proc/net/if_inet6 ']' line is 161:
https://github.com/ivpn/desktop-app/blob/4262d0576e261b4007500ce180905c8ab08ac2dd/daemon/References/Linux/etc/firewall.sh#L161C5-L161C39

It is as if the IPv6 check fails on a Devuan/non-systemd system. Whether the lack of systemd has anything to do with it is unknown.
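
One way a script could decide whether to process IPv6 chains when `/proc/net/if_inet6` exists but `ip6tables` cannot initialise, as in the trace above. This is an added example, not IVPN's code; `PROC_IF_INET6`, `SYSCTL_ALL`, the function names and the policy of skipping only when no interface holds an IPv6 address are assumptions.

```bash
#!/bin/bash
# Added example, not part of IVPN's firewall.sh. IPv6BIN and LOCKWAITTIME mirror
# the trace above; PROC_IF_INET6, SYSCTL_ALL and the function names are hypothetical.
PROC_IF_INET6="${PROC_IF_INET6:-/proc/net/if_inet6}"
SYSCTL_ALL="${SYSCTL_ALL:-/proc/sys/net/ipv6/conf/all/disable_ipv6}"
IPv6BIN="${IPv6BIN:-ip6tables}"
LOCKWAITTIME="${LOCKWAITTIME:-2}"

# Prints: absent | filterable | disabled | unfilterable
ipv6_state() {
    # No IPv6 stack exposed by the kernel: there is nothing to filter.
    [ -f "$PROC_IF_INET6" ] || { echo absent; return 0; }

    # The file existing is not enough; confirm the filter tool can talk to the kernel.
    if "$IPv6BIN" -w "$LOCKWAITTIME" -n -L >/dev/null 2>&1; then
        echo filterable; return 0
    fi

    # Tool unusable. Assumption: an empty if_inet6 plus all.disable_ipv6=1 means
    # no interface currently holds an IPv6 address, so no IPv6 traffic can flow.
    if [ ! -s "$PROC_IF_INET6" ] && [ "$(cat "$SYSCTL_ALL" 2>/dev/null)" = "1" ]; then
        echo disabled; return 0
    fi

    # IPv6 addresses are live but cannot be filtered.
    echo unfilterable
}

# Prints: process | skip | abort
ipv6_decision() {
    case "$(ipv6_state)" in
        filterable)      echo process ;;
        absent|disabled) echo skip ;;
        *)               echo abort ;;   # fail closed rather than leave IPv6 open
    esac
}

# Stand-alone use: ./probe.sh --probe
if [ "${1:-}" = "--probe" ]; then
    echo "state=$(ipv6_state) decision=$(ipv6_decision)"
fi
```

A host in the `disabled` state is only covered while the sysctl stays set; if IPv6 is re-enabled at runtime the firewall would need to be applied again.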

@stenya stenya self-assigned this Jan 3, 2024
@stenya stenya added this to New Issues in IVPN Desktop App Jan 3, 2024