boot-66serv/local-iptables: iptables-flush path wrong

eric

can please you post the output of

# 66-inresolve -t boot local-iptables

stormc

Hi Eric, thanks for coming back to this! Here's the relevant part of the output of my -escaped variant not having the error:

Real_exec_finish : 
fdmove -c 2 1
/usr/bin/bash -c "
 
     exec 2>&1
 
     66-yeller -cdp local-iptables -1 /dev/console stops...
 
     if ! type -p iptables &>/dev/null; then
       66-yeller -fcdp local-iptables -1 /dev/console \"unable to find iptables\"
     fi
 
     while read -r table; do
         tables+=(\"/usr/share/iptables/empty-$table.rules\")
     done <\"/proc/net/ip_tables_names\"
 
     if (( ${# tables[*]} )); then
         cat \"${tables[@ ]}\" | iptables-restore
     fi
  "

Assuming "Real_exec_finish" is verbatim what's executed, the -escaping is indeed needed for bash -c "<code>" with <code> having (unescaped) double-quotes in it.

eric

maybe i found the trouble, please remove all you escaped character and replace

66-yeller -fcdp local-iptables -1 /dev/console "unable to find iptables"

66-yeller -fcdp local-iptables -1 /dev/console unable to find iptables

and tell us if it's work.

stormc

Hi Eric, here's the 66-inresolve output of the modified service that I tested:

fdmove -c 2 1
/usr/bin/bash -c "
    exec 2>&1
    66-yeller -cdp local-iptables -1 /dev/console stops...
    if ! type -p iptables &>/dev/null; then
      66-yeller -fcdp local-iptables -1 /dev/console unable to find iptables program
    fi
    while read -r table; do
        tables+=("/usr/share/iptables/empty-$table.rules")
    done <"/proc/net/ip_tables_names"
    if (( ${# tables[*]} )); then
        cat "${tables[@ ]}" | iptables-restore
    fi
 "

And guess what, it works :)
So, I guess the reasoning why this works is like 66-yeller simply prints all non-option args so we don't need to pass it just one message argument (by \"-escaping) and the other quoted strings are not concerned with word splitting, right?

eric

yes, but i think i have a little problem with 66-yeller concerning the parse process of the command line. i need to check it.
Also, a bug exist on the @ execute field. Please add an exit command after the 66-yeller call like this

if ! type -p iptables &>/dev/null; then
      66-yeller -fcdp local-iptables -1 /dev/console unable to find iptables program
      exit 111
fi

stormc

Thanks Eric, good catch, I'll update it.

« Previous Page