Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add dependency on debian iptables service #73

Merged
merged 1 commit into from
Nov 14, 2022
Merged

Add dependency on debian iptables service #73

merged 1 commit into from
Nov 14, 2022

Conversation

oliparcol
Copy link
Contributor

Pull Request (PR) description

This PR adds a Before declaration on netfilter-persistent.service which is the service in Debian and Ubuntu that restores the iptables rules.

This Pull Request (PR) fixes the following issues

This PR prevents netfilter-persistent.service from failing on non-existent ipset.

@oliparcol
Copy link
Contributor Author

Please note that the CI is failing on code already in master.

@bastelfreak
Copy link
Member

@oliparcol thanks for the PR. can you please rebase against master?

@oliparcol
Adding dependency on debian iptables service.
a385a87 
The systemd service restoring iptables rules in debian/ubuntu is
`netfilter-persistent.service`.
@oliparcol
Copy link
Contributor Author

done, sorry for the delay

kenyon
kenyon reviewed Nov 12, 2022
View reviewed changes
Copy link
Member

@kenyon kenyon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if netfilter-persistent is not installed?

@oliparcol
Copy link
Contributor Author

What if netfilter-persistent is not installed?

It works (ubuntu/debian has the same issue with iptables.service ip6tables.service that don't exist) but I agree, it's not very clean. How about I refactor the PR to pass the firewall services to firewall_service and I initialize this variable with either iptables.service ip6tables.service or netfilter-persistent.service depending on OS family ?

kenyon
kenyon approved these changes Nov 13, 2022
View reviewed changes
Copy link
Member

@kenyon kenyon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah OK, I just tested it, systemd doesn't care if a unit listed in Before= doesn't exist, it doesn't give an error or warning. So this seems fine as is.

@bastelfreak bastelfreak merged commit 4c0d473 into voxpupuli:master Nov 14, 2022
@bastelfreak bastelfreak added the bug Something isn't working label Nov 14, 2022
@bastelfreak bastelfreak changed the title Adding dependency on debian iptables service. Add dependency on debian iptables service. Nov 14, 2022
@bastelfreak bastelfreak changed the title Add dependency on debian iptables service. Add dependency on debian iptables service Nov 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kenyon kenyon kenyon approved these changes

Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@oliparcol @bastelfreak @kenyon