[pkg-netfilter-team] Bug#995343: Add nftables Recommends: netbase?

Trent W. Buck trentbuck at gmail.com
Thu Sep 30 08:04:10 BST 2021


Package: nftables
Version: 0.9.8-3.1
Severity: wishlist

I propose adding "Recommends: netbase" to nftables.
This is mainly a hint to someone debugging why their ruleset
works on "normal" systems but not "embedded" systems :-)

Rationale follows.

"netbase" provides /etc/services (et al).

iptables depends on netbase, but nftables doesn't.

In nftables 0.9.0 and earlier, nftables has a compiled-in internal services database.
In nftables 0.9.1 and later, it uses /etc/services (via libc nss, I think).

It is entirely possible to use nftables without netbase, but
it can cause some unexpected behaviour:

    root@main:~# nft -c 'table filter {chain INPUT {tcp dport ssh;};}'

    root@main:~# dpkg -P netbase
    (Reading database ... 11064 files and directories currently installed.)
    Removing netbase (6.3) ...
    Purging configuration files for netbase (6.3) ...

    root@main:~# nft -c 'table filter {chain INPUT {tcp dport ssh;};}'
    Error: Could not resolve service: Servname not supported for ai_socktype
    table filter {chain INPUT {tcp dport ssh;};}
                                         ^^^

netbase is a quite small dependency, and its Priority: important means it is USUALLY already installed.



-- System Information:
Debian Release: 11.0
  APT prefers stable-updates
  APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 'stable'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
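
The failure reported above can be avoided by pinning numeric ports before a ruleset is shipped to a host without netbase. The following is an added example, not part of the bug report or of nftables: it rewrites symbolic service names after `sport`/`dport` to numbers and lists the names that would fail to resolve. The function names, the sample services text and the sample ruleset are constructed for illustration, and the regex covers only simple `tcp|udp|sctp|dccp sport|dport` matches, not the full nft grammar.

```python
import re

# Constructed sample in /etc/services format: name port/proto [aliases] # comment
SAMPLE_SERVICES = """\
ssh      22/tcp          # SSH Remote Login Protocol
domain   53/tcp
domain   53/udp
http     80/tcp   www
https    443/tcp
"""

# Constructed ruleset; "submission" is deliberately absent from the sample database.
SAMPLE_RULESET = """\
table inet filter {
    chain INPUT {
        tcp dport ssh accept
        tcp dport { http, https, 8080 } accept
        udp dport domain accept
        tcp dport submission accept
    }
}
"""

def parse_services(text):
    """Map (name or alias, protocol) -> port number."""
    db = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        for name in [fields[0]] + fields[2:]:
            db.setdefault((name, proto), int(port))
    return db

# "<proto> sport|dport", optional "!=", then a single value or a { set }.
PORT_EXPR = re.compile(r"\b(tcp|udp|sctp|dccp)\s+([sd]port)\s+((?:!=\s*)?(?:\{[^}]*\}|[^\s;{}]+))")
# A bare service name, not a number, $variable or @named-set reference.
NAME = re.compile(r"(?<![\w$@.-])[A-Za-z][\w.+-]*")

def pin_ports(ruleset, db):
    """Return (ruleset with resolvable names made numeric, sorted unresolved (name, proto))."""
    missing = set()
    def rewrite(m):
        proto = m.group(1)
        def one(n):
            port = db.get((n.group(0), proto))
            if port is None:
                missing.add((n.group(0), proto))
            return n.group(0) if port is None else str(port)
        return f"{proto} {m.group(2)} {NAME.sub(one, m.group(3))}"
    return PORT_EXPR.sub(rewrite, ruleset), sorted(missing)
```

Run on a build host that has netbase, with the real /etc/services as input, a non-empty second return value marks rules that would be rejected at load time on the target.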
