Re: service iptables save, systemctl, and unhelpful error messages

On 02/15/2012 01:15 PM, Emanuel Rietveld wrote:
Currently, on Fedora 16, service iptables save prints the following:

# service iptables save
Redirecting to /bin/systemctl  save iptables.service
Unknown operation save

The service iptables save command is documented in a number of places and has been recommended to users for years. See, for example, the security guide: http://docs.fedoraproject.org/en-US/Fedora/16/html/Security_Guide/sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html

This breaking with the systemctl move is expected, but the unhelpful error message is a usability bug. Executing service iptables save should print "This is no longer supported. Please execute /usr/libexec/iptables.init save" (See: https://bugzilla.redhat.com/show_bug.cgi?id=748134 )

From a technical perspective, that would mean the /sbin/service wrapper would need to be rewritten to check a file for the command that it is being asked to do, and print different error messages depending on the situation.

Of course that makes the currently simple wrapper script more complex, but if we want to keep moving forward as fast as Fedora is, we should make the extra effort to stay friendly to our users too.

Thomas Woerner has been working on a more user-friendly firewall solution for Fedora, so the firewall solution is in a bit of a state of flux in Fedora at this point in time, which explains why things are as they are.

He was going to push this in at the same time as systemd, as in Fedora F15, but due to various reasons he backed out of it at that time
(but it is one of the F17 features).

Experienced admins don't use service iptables blah anyway (they use iptables commands directly), so it hardly matters to them. Documentation should, however, be updated for those that actually use service iptables blah to point this out, so you should file a DOC bug for it.

Somehow I doubt that any bugs will be fixed for this in either systemd (since this is not a systemd bug) or iptables (since Thomas is working on the new stuff and this probably does not climb high enough in his priority list; anyway, he probably would not fix this until all the bits for that are in place).

So if you or others want this fixed, I'm pretty sure either side (most notably iptables) would gladly review and accept patches should they be submitted.

JBG

1. http://fedoraproject.org/wiki/Features/firewalld-default
2. http://fedoraproject.org/wiki/FirewallD/

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
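
The wrapper change proposed in the quoted message, sketched as an added example (not code from this thread or from Fedora's /sbin/service), so that a retired `save` is answered with the replacement command instead of "Unknown operation" and the admin is not left guessing whether the firewall rules were persisted. The hints-file format, the function names, the verb list and the exit codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: hint lookup for a service(8)-style wrapper.
# Hints-file format (hypothetical): service:action:replacement command

# Assumed subset of operations the wrapper hands to systemctl unchanged.
SYSTEMCTL_VERBS="start stop restart reload status condrestart try-restart"

# Print the replacement command for a retired action; return 1 if none.
# $1 = hints file, $2 = service, $3 = action
lookup_hint() {
    [ -r "$1" ] || return 1
    # With IFS=: the third field keeps any further colons in the command.
    while IFS=: read -r svc act cmd; do
        case "$svc" in ''|'#'*) continue ;; esac   # skip blanks and comments
        if [ "$svc" = "$2" ] && [ "$act" = "$3" ]; then
            printf '%s\n' "$cmd"
            return 0
        fi
    done < "$1"
    return 1
}

# Decide what to tell the user. Exit codes (hypothetical):
# 0 = redirected to systemctl, 2 = retired action with hint, 3 = unknown.
# $1 = hints file, $2 = service, $3 = action
service_dispatch() {
    for verb in $SYSTEMCTL_VERBS; do
        if [ "$3" = "$verb" ]; then
            printf 'Redirecting to /bin/systemctl %s %s.service\n' "$3" "$2"
            return 0
        fi
    done
    if hint=$(lookup_hint "$1" "$2" "$3"); then
        printf 'This is no longer supported. Please execute %s\n' "$hint"
        return 2
    fi
    printf 'Unknown operation %s\n' "$3"
    return 3
}

# Constructed sample hints file and a demo call.
hints=$(mktemp)
printf '%s\n' '# service:action:replacement' \
    'iptables:save:/usr/libexec/iptables.init save' > "$hints"
service_dispatch "$hints" iptables save || true
rm -f "$hints"
```

The non-zero exit status for a retired action matters as much as the message: scripts that call the wrapper to persist rules then fail visibly rather than continuing with unsaved rules.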


