1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1068678: nftables: on sysvinit the init script does not start nftab

    From Jeremy Sowden@21:1/5 to Davide Baldini on Tue Apr 9 10:20:01 2024
    On 2024-04-09, at 02:35:51 +0200, Davide Baldini wrote:
    Package: nftables
    Version: 1.0.6-2+deb12u2
    Severity: normal

    Dear Maintainer,

    the installation of nftables completed via apt from the stable repository leads to the creation of the following init script on a system with sysvinit without Systemd:

    /etc/init.d/nftables

    whose LSB section is:

    ### BEGIN INIT INFO
    # Provides: nftables
    # Required-Start: $local_fs $network
    # Required-Stop: $local_fs $network
    # Should-Start:
    # Default-Start: S
    # Default-Stop: 0 1 6
    # Short-Description: Loads nftables firewall rules
    # Description: Loads nftables firewall rules
    ### END INIT INFO

    The "Default-Start" tag is set to "S", which is problematic as it causes the script to never run at boot. If "S" is replaced by "1 2 3" the script
    instead runs at boot as intended. This seems to be a general problem with
    all init scripts under Debian whose "Default-Start" tag is set to "S".

    The nftables package has not installed an init-script for many years.
    It provides an example script in
    /usr/share/doc/nftables/examples/sysvinit, along with a README file
    which reads in part:

    The file /usr/share/doc/nftables/examples/sysvinit/nftables.init is a
    typical sysvinit script for you to use as /etc/init.d/nftables.

    Given Debian default init system is systemd, I have no intention to
    support sysvinit apart of providing this example file.

    Read the script carefully before using it, as is just an example. You
    will likely require to manually edit and install the script in order
    to properly use it.

    If your system has an init script installed, then either it was left
    over when the nftables package stopped providing one, because it had
    been locally modified and so was not removed, or it was manually
    installed as described in the README.

    J.

    For example, I created the test file

    /etc/init.d/test.sh

    with the following content:

    #!/bin/bash

    ### BEGIN INIT INFO
    # Provides: test
    # Required-Start:
    # Required-Stop:
    # Should-Start:
    # Default-Start: S
    # Default-Stop: 0 1 6
    # Short-Description: Test
    # Description: Test
    ### END INIT INFO

    echo $(date) "$@" >>/root/test.txt

    and I enable it with:

    update-rc.d test.sh defaults

    which results in these, and only these, rc symlinks being created:

    rc0.d/K01test.sh
    rc1.d/K01test.sh
    rc6.d/K01test.sh
    rcS.d/S01test.sh

    After rebooting the system from an empty '/root/test.txt' file, the contents of this file become:

    Tue Apr 9 01:26:50 CEST 2024 stop

    in which only one line is logged, corresponding to the time when I issued
    the reboot command, with no follow-up lines after the reboot.
    My sysvinit configuration is unremarkably default and I encountered this problem on every Debian system under sysvinit.

    -- System Information:
    Debian Release: 12.4
    APT prefers stable-updates
    APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
    Architecture: amd64 (x86_64)

    Kernel: Linux 6.1.0-9-amd64 (SMP w/1 CPU thread; PREEMPT)
    Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE not set
    Shell: /bin/sh linked to /usr/bin/dash
    Init: sysvinit (via /sbin/init)
    LSM: AppArmor: enabled

    Versions of packages nftables depends on:
    ii libc6 2.36-9+deb12u3
    ii libedit2 3.1-20221030-2
    ii libnftables1 1.0.6-2+deb12u2

    Versions of packages nftables recommends:
    ii netbase 6.4

    Versions of packages nftables suggests:
    pn firewalld <none>

    -- Configuration Files:
    /etc/nftables.conf changed [not included]

    -- no debconf information


    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEbB20U2PvQDe9VtUXKYasCr3xBA0FAmYU+JoACgkQKYasCr3x BA1lLQ//RaRTwJZSqTW8p0Ln4LFWN1lrp/S7sMVwQet6Q3iWGvEfP6Bx1yZo+VdF VUTLtcx91wPQxIgAajch715Jew455or5lg0HHpYRne1wsWY/YrCMYxCbbu6qNziY XwUKbQBZKSFbOYPtoplVRZ/jfvzuXp2rPuk+eKvHKlNOvBaiVXtUrVM2+d15kgtn dMRux4qrLD6wRBs/aafkja+6LeeRRh9AMO5xTZmKTy05pZMkIgx+PPr1SxfR1igM C5hBY1w07YeqPzrWGWr4tMaOGeTtmphmjT+aXp+N/NiT57JjXKlvv2mYxsrk4qYp SaJdDocOJGra0ggkqL7piKibMcSj1CAA5XAhGvhhAVws0v+X31IMIiTeMofP76ib HdtUoaqjpkyGkZzZb+6fXKkbeqNUgapAiZRRTnyni9jjcObLUI+lCRFIV18art5G niNHPWc2KJXKWU4lJEG8ZQCLE32zNjkLZMzmHyLlzO7yrunys/nwj9pbOHyatUeg IO/mGpvdH3Uj13QzBpHPKeyxZlEyYckIi5GGU5sIaCoc1OW2civEwYY53CP6NDYa ozc4XiKSzEHYZXYh0z8BK2fouk42WTQytqZ4VyIYGc7lFOUNzk9WUXxk7vFgjOdP jKCdx4zTKCZsw4Cosyjtg01ExNBNHK+nIfeVw5ullUK+7GvtMXQ=
    =mGih
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)