On Thu, Mar 19, 2009 at 02:55:54PM +0100, Jan Engelhardt wrote: >>I decided to try to load the modules instead of just silently returning, > IMHO, it should not fail, not even silently, but return success. [..] > If x_tables.ko is not loaded, there cannot be any tables active > anyway, and thus would be equal to a loaded x_tables.ko with > no table modules (iptable_filter, etc.) loaded. > > >so that if iptables-save succeeds, you can reasonably expect > >iptables-restore to work as well. > > `echo '' | iptables-restore` does work. Hrm. You appear to be right. I somehow thought that iptables-restore would unconditionally try to load x_tables.ko. > One more reason to make iptables-save not outputting anything > returning 0. That makes sense. How about the case where someone calls "iptables-save -t foo"? Should that just return an empty string and exit(0), should it attempt module load to see if that's even a valid table or something entirely different? -- Soren Hansen | Lead Virtualisation Engineer | Ubuntu Server Team Canonical Ltd. | http://www.ubuntu.com/
Attachment:
signature.asc
Description: Digital signature
