Debian12 Portmaster failed to start module

[mattkeenan]

What happened: XRef safing/portmaster#1239

installed portmaster via the .deb installer from safing.io
debian version is bookworm (12)
error code: Failed to start module: could not initialize nfqueue: exec: "iptables":executable file not found in $PATH
has the safing team tested portmaster on debian12? why does this error occur? how to resolve the issue?

This looks like a packaging issue. We use go-iptables which doesn't set up iptables directly with the kernel, it uses the iptables binary, so we need the .deb package to depend on the iptables package.

What did you expect to happen?:

XRef safing/portmaster#1239

Expected the module to start.

How did you reproduce it?:

Install .deb package on fresh Debian 12 and it doesn't also install iptables.

Debug Information:

Further debug info below.

[mattkeenan]

I've created a repo locally with a fix for this and I'm testing it right now, once I've confirmed it's working as intended then I'll send a PR.

[Raphty]

i assign @dhaavi to this, we just talked in the office as well. Thanks for the help!

[dhaavi]

Fixed by #90.

Although this is more of a workaround. It would be nice to switch to using nftables in the future.

[mattkeenan]

Although this is more of a workaround. It would be nice to switch to using nftables in the future.

Google do have a widely used (but non official) pure Go implementation of nftables; https://github.com/google/nftables it's heavily used and reasonably active. So it would mean one less dependency for installs. But obviously much testing would be needed.

[dhaavi]

Yup. I am looking into using that package, but as this is a very critical part of the software, it will take some time to build and thoroughly test.