Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

iptables: add back missing kernel modules for iptables #11982

Merged
merged 3 commits into from
Jan 21, 2025
Merged

iptables: add back missing kernel modules for iptables #11982

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
02406fc
add back kernel modules for iptables
dallasd1 Jan 17, 2025
65ff8c2
Update SPECS/iptables/iptables.conf
dallasd1 Jan 18, 2025
425c687
update config sig
dallasd1 Jan 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions SPECS/iptables/iptables.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
ip_tables
iptable_filter
iptable_mangle
iptable_nat
iptable_security
ip6_tables
ip6table_filter
ip6table_mangle
ip6table_nat
ebt_ip
nf_nat
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we add these modules as well:

ipt_ah 
ipt_ECN 
ipt_REJECT 
ipt_rpfilter 
ipt_SYNPROXY

Rationale: When i did a repro locally, I could see these modules also

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Were these enabled by default with the previous iptables package or only after the repro? If they weren't loaded before the repro, I don't think we'd want to add them to the conf file

3 changes: 2 additions & 1 deletion SPECS/iptables/iptables.signatures.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
"iptables": "a1981d0e5a7e6b0546d17fcddb5bdc6b639a136b5c2f7f2b2b54d18a41b3d6ac",
"iptables-1.8.10.tar.xz": "5cc255c189356e317d070755ce9371eb63a1b783c34498fb8c30264f3cc59c9c",
"iptables.service": "40c2a272a6abb4d3e50ff9ae83cedaa241ad5963f27cb5aee113d15597553620",
"iptables.stop": "749be754470183b3edf69ff53109806a81e0b4c4578858faf96d23d59966ef5d"
"iptables.stop": "749be754470183b3edf69ff53109806a81e0b4c4578858faf96d23d59966ef5d",
"iptables.conf": "9e5c56a57c320c264c8a31a41caa32afa797672b52b4fbb0664b7a82218fef11"
}
}
11 changes: 10 additions & 1 deletion SPECS/iptables/iptables.spec
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
Summary: Linux kernel packet control tool
Name: iptables
Version: 1.8.10
Release: 3%{?dist}
Release: 4%{?dist}
License: GPLv2+
Vendor: Microsoft Corporation
Distribution: Azure Linux
Expand All @@ -13,6 +13,7 @@ Source2: iptables
Source3: iptables.stop
Source4: ip4save
Source5: ip6save
Source6: iptables.conf
BuildRequires: jansson-devel
BuildRequires: libmnl-devel
BuildRequires: libnftnl-devel
Expand Down Expand Up @@ -54,6 +55,9 @@ It contains the libraries and header files to create applications.
%install
%make_install

# Create the /etc/modules-load.d directory if it doesn't exist
install -vdm755 %{buildroot}/etc/modules-load.d

# Install daemon scripts
install -vdm755 %{buildroot}%{_unitdir}
install -m 644 %{SOURCE1} %{buildroot}%{_unitdir}
Expand All @@ -62,6 +66,7 @@ install -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/systemd/scripts
install -m 755 %{SOURCE3} %{buildroot}%{_sysconfdir}/systemd/scripts
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/systemd/scripts
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/systemd/scripts
install -m 644 %{SOURCE6} %{buildroot}/etc/modules-load.d

find %{buildroot} -name '*.a' -delete
find %{buildroot} -type f -name "*.la" -delete -print
Expand Down Expand Up @@ -123,6 +128,7 @@ fi
/usr/share/xtables/iptables.xslt
%ghost %{_sbindir}/ip{,6}tables{,-save,-restore}
%ghost %{_sbindir}/{eb,arp}tables{,-save,-restore}
/etc/modules-load.d/iptables.conf

%files devel
%{_libdir}/*.so
Expand All @@ -131,6 +137,9 @@ fi
%{_mandir}/man3/*

%changelog
* Thu Jan 16 2025 Dallas Delaney <[email protected]> - 1.8.10-4
- Add back kernel modules that were removed by enabling nftables

* Tue Nov 12 2024 Sumedh Sharma <[email protected]> - 1.8.10-3
- Enable nftables and use alternatives.

Expand Down
Loading