aif and iptables-persistent conflict

[vitstr]

Hey, I have similar problem. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778845;msg=2

[abelbeck]

Please excuse my Debian ignorance, but can't you just disable the "iptables-persistent" package ?

[vitstr]

@abelbeck I did so, but could not understand what the problem is. you may need to add the information in the FAQ?

[abelbeck]

To be clear, disabling the "iptables-persistent" package solved your problem ? but figuring out iptables-persistent was the conflict was the real issue ?

[vitstr]

Disabling autostart "iptables-pesrsistent" solved problem.

[abelbeck]

Got it, Thanks.

@arnova Possibly the Debian lib/systemd/system/arno-iptables-firewall.service Conflicts= could help, not sure how that works.

[vitstr]

Thank you for the aif :)

[arnova]

I think this should simply be fixed upstream by the Debian maintainer by adding a package conflict for iptables-persistent to the aif package. I don't see how systemd should handle this. Is there any valid use case anyway to have both packages installed?

[abelbeck]

Is there any valid use case anyway to have both packages installed?

No, I don't think so. AIF also sets network related sysctl's which I presume iptables-persistent does not.

If a person handled the sysctl stuff elsewhere, I suppose it could be possible to manage the startup/shutdown with iptables-persistent and set/change iptables rules with AIF, seems like a lot of trouble for a very special case (very, very large number of rules ?).

For practical purposes, I don't see how these two packages could easily, properly work together.

[arnova]

This was fixed upstream by Debian

[ezawadzki]

Seems to be not fixed in Debian 4.9.51-1 (2017-09-28)

[arnova]

Please forward this problem to Debian, there isn't much we can do unfortunately.