Jan Engelhardt wrote: > On Thursday 2009-03-19 14:50, Soren Hansen wrote: > >> On Thu, Mar 19, 2009 at 02:05:54PM +0100, Patrick McHardy wrote: >> >>>>> If the iptables modules are not loaded when iptables-save is run, >>>>> iptables-save will fail, because it can't open the relevant files in >>>>> /proc. This patch makes iptables-save attempt to load the modules, >>>>> and then retries. >>>>> >> Right. I thought about just silently bailing out, but decided to go this >> route instead. Explanation follows. >> >> $ sudo iptables-save >> iptables-save v1.4.1.1: Unable to open /proc/net/ip_tables_names: No such file or directory >> $ echo $? >> 1 >> >> I decided to try to load the modules instead of just silently returning, >> > > IMHO, it should not fail, not even silently, but return success. > If x_tables.ko is not loaded, there cannot be any tables active > anyway, and thus would be equal to a loaded x_tables.ko with > no table modules (iptable_filter, etc.) loaded. > That's my opinion as well. I've never understood why so many things are silently activated by "list" or "dump" commands. >> so that if iptables-save succeeds, you can reasonably expect >> iptables-restore to work as well. >> > > `echo '' | iptables-restore` does work. One more reason to > make iptables-save not outputting anything returning 0. > Agreed. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
