Re: [ptxdist] [PATCH] Add persistant iptable-rules via systemd

mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed

From: "Uwe Kleine-König" <u.kleine-koenig@pengutronix.de>
To: "Schenk, Gavin" <G.Schenk@eckelmann.de>
Cc: "ptxdist@pengutronix.de" <ptxdist@pengutronix.de>
Subject: Re: [ptxdist] [PATCH] Add persistant iptable-rules via systemd
Date: Thu, 7 Apr 2016 11:20:26 +0200	[thread overview]
Message-ID: <20160407092026.GW10108@pengutronix.de> (raw)
In-Reply-To: <D415CD2EC4182C4EAB90A76B7D9F16DC018D3AD5F2@EX-DAG02.eckelmann.group>

Hello,

On Thu, Apr 07, 2016 at 09:14:01AM +0000, Schenk, Gavin wrote:
> > > +diff --git a/scripts/ip6tables-flush b/scripts/ip6tables-flush new
> > > +file mode 100755 index 000000000000..95086b0470d3
> > > +--- /dev/null
> > > ++++ b/scripts/ip6tables-flush
> > > +@@ -0,0 +1,13 @@
> > > ++#!/bin/sh
> > > ++ip6tables -F
> > > ++ip6tables -X
> > > ++ip6tables -Z
> > > ++for table in $(</proc/net/ip6_tables_names)
> > 
> > What happens if there is no ipv6 iptables support in the kernel? Maybe catch
> > that with an error message?
> > 
> 
> This is what happens on both ipv4 and ipv6:
> iptables-flush 
> modprobe: module ip_tables not found in modules.dep
> iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
> modprobe: module ip_tables not found in modules.dep
> iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
> modprobe: module ip_tables not found in modules.dep
> iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
> /usr/sbin/iptables-flush: line 5: /proc/net/ip_tables_names: No such file or directory
> modprobe: module ip_tables not found in modules.dep
> iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
> modprobe: module ip_tables not found in modules.dep
> iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
> modprobe: module ip_tables not found in modules.dep
> iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
> 
> 
> What is a good way to detect if the kernel supports iptables? 
> Instead of digging into /proc my idea is to add something like:
> 
> iptables --list &> /dev/null
> IPTABLES_SUPPORT=$?

Assuming this does the trick, this has the added benefit that module
loading is tried.

> 
> If [ $IPTABLES_SUPPORT -gt 0 ]; then
> 	echo "iptables is not supported by your kernel"
> 	exit $IPTABLES_SUPPORT
> fi

I'd use:

	if ! iptables --list >/dev/null 2>&1; then

(note that &> is a bashism and for example doesn't work with dash).

Best regards
Uwe

-- 
Pengutronix e.K.                           | Uwe Kleine-König            |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

next prev parent reply	other threads:[~2016-04-07  9:20 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-04-07  7:24 Gavin Schenk
2016-04-07  8:11 ` Uwe Kleine-König
2016-04-07  9:14   ` Schenk, Gavin
2016-04-07  9:20     ` Uwe Kleine-König [this message]
2016-04-07  9:25       ` Schenk, Gavin
2016-04-07 10:10 Gavin Schenk
2016-04-07 11:59 ` Uwe Kleine-König
2016-04-07 12:24 ` Michael Olbrich
2016-04-07 12:21 Gavin Schenk
2016-04-08 13:04 Gavin Schenk
2016-04-11 10:00 ` Michael Olbrich
2016-04-11 12:08   ` Schenk, Gavin
2016-04-11 12:44     ` Michael Olbrich
2016-04-11 12:19 Gavin Schenk
2016-04-11 17:46 ` Uwe Kleine-König
2016-04-12  8:35   ` Michael Olbrich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160407092026.GW10108@pengutronix.de \
    --to=u.kleine-koenig@pengutronix.de \
    --cc=G.Schenk@eckelmann.de \
    --cc=ptxdist@pengutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox