/etc/iptables missing, despite being called on by /etc/runit/1

[fusion809]

Hi,

net-firewall/iptables installs the following files in /etc:

• /etc/conf.d/ip6tables
• /etc/conf.d/iptables
• /etc/init.d/ip6tables
• /etc/init.d/iptables

yet by default /etc/runit/1 depends on a file at /etc/iptables. I realize this is probably an upstream error (with regard to runit, not iptables) but do you have any plans to fix this? Or is there a fix already available that I'm unaware of? I realize symlinking /etc/init.d/iptables to /etc/iptables is an option but I suspect these files have been patched to work with OpenRC not necessarily with runit. Doing symlinking gives this error on startup:

Thanks for your time, Brenton

[powerman]

These files are not related to each other. /etc/conf.d/iptables is just a configuration variables for script /etc/init.d/iptables and neither is used by /etc/runit/1 by default. File /etc/iptables used by /etc/runit/1 is actually similar to file /var/lib/iptables/rules-save, usually defined by IPTABLES_SAVE="/var/lib/iptables/rules-save" in /etc/conf.d/iptables.

To create /etc/iptables you need to just save your current firewall settings:

# iptables-save >/etc/iptables

After doing this once you'll have an option how to support this file when you need to update firewall rules:

• edit it manually (which let you use comments in this file, for example) and then either reload current firewall setup with iptables-restore </etc/iptables or make same changes to current firewall setup manually;
• or by re-generating it using iptables-save >/etc/iptables after making changes to current firewall setup manually.

As for ip6tables - I didn't use it, but I suppose it's should be easy to add to /etc/runit/1 - add line ip6tables-restore </etc/ip6tables after line iptables-restore </etc/iptables and generate this file with ip6tables-save >/etc/ip6tables.

P.S. In general, with provided /etc/runit/1 the OpenRC files in /etc/conf.d/ and /etc/init.d are not used at all. Of course, it's possible to use OpenRC from /etc/runit/1 (see https://wiki.gentoo.org/wiki/Runit#Runit_and_service_management) but I prefer to have simple /etc/runit/1 doing all I need in 250-300 lines instead of 8800 lines in /etc/conf.d/* and /etc/init.d/* plus 5000 lines in /lib/rc/.