net-firewall/iptables: allow for iptables' module autoload functionality

In commit cdc0031, a non working check were fixed. In addition, error handling was added. However, this introduced a behavior change for users who didn't load iptables on their own and relied on iptables' own capability to autoload required modules. This new revision restores previous behavior and allows for relying on iptables' module autoload capability again. Closes: https://bugs.gentoo.org/672366 Package-Manager: Portage-2.3.52, Repoman-2.3.12 Signed-off-by: Thomas Deutschmann <[email protected]>
johu · Dec 2, 2018 · 8addacf · 8addacf
1 parent 4e9b2af
commit 8addacf
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/net-firewall/iptables/files/iptables-r1.init → net-firewall/iptables/files/iptables-r2.init b/net-firewall/iptables/files/iptables-r1.init → net-firewall/iptables/files/iptables-r2.init
@@ -64,7 +64,6 @@ checkconfig() {
 }
 
 start_pre() {
-	checkkernel || return 1
 	checkconfig || return 1
 }
 
@@ -135,7 +134,14 @@ save() {
 }
 
 panic() {
-	checkkernel || return 1
+	# use iptables autoload capability to load at least all required
+	# modules and filter table
+	${iptables_bin} --wait ${iptables_lock_wait_time} --wait-interval ${iptables_lock_wait_interval} -S >/dev/null
+	if [ $? -ne 0 ] ; then
+		eerror "${iptables_bin} failed to load"
+		return 1
+	fi
+
 	if service_started ${iptables_name}; then
 		rc-service ${iptables_name} stop
 	fi

diff --git a/...irewall/iptables/iptables-1.8.2-r1.ebuild → ...irewall/iptables/iptables-1.8.2-r2.ebuild b/...irewall/iptables/iptables-1.8.2-r1.ebuild → ...irewall/iptables/iptables-1.8.2-r2.ebuild
@@ -98,7 +98,7 @@ src_install() {
 	doins include/iptables/internal.h
 
 	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}-r1.init iptables
+	newinitd "${FILESDIR}"/${PN}-r2.init iptables
 	newconfd "${FILESDIR}"/${PN}-r1.confd iptables
 	if use ipv6 ; then
 		keepdir /var/lib/ip6tables